[slurm-announce] Slurm versions 19.05.1 and 18.08.8 are now available (CVE-2019-12838)

Tim Wickberg tim at schedmd.com
Wed Jul 10 19:27:12 UTC 2019

Slurm versions 19.05.1 and 18.08.8 are now available, and include a 
series of recent bug fixes, as well as a fix for a security 
vulnerability (CVE-2019-12838) related to the 'sacctmgr archive load' 

While fixes are only available for the currently supported 19.05 and 
18.08 releases, similar vulnerabilities affect past versions as well and 
sites are encouraged to upgrade to a supported version.

SchedMD customers were informed on June 26th and provided a patch on 
request; this process is documented in our security policy [1].

Downloads are available at https://www.schedmd.com/downloads.php .

Release notes follow below.

- Tim

[1] https://www.schedmd.com/security.php

Tim Wickberg
Chief Technology Officer, SchedMD LLC
Commercial Slurm Development and Support

> * Changes in Slurm 19.05.1
> ==========================
>  -- accounting_storage/mysql - fix incorrect function names in error messages.
>  -- accounting_storage/slurmdbd - trigger an fsync() on the dbd.messages state
>     file to ensure it is committed to disk properly.
>  -- Avoid JobHeldUser state reason from being updated at allocation time.
>  -- Fix dump/load of rejected heterogeneous jobs.
>  -- For heterogeneous jobs, do not count each component against the QOS or
>     association job limit multiple times.
>  -- Comment out documentation for the incomplete and currently unusable
>     burst_buffer/generic plugin.
>  -- Add new error ESLURM_INVALID_TIME_MIN_LIMIT to make note when a time_min
>     limit is invalid based on timelimit.
>  -- Correct slurmdb cluster record pack with NULL pointer input.
>  -- Clearer error message for ESLURM_INVALID_TIME_MIN_LIMIT.
>  -- Fix SchedulerParameter bf_min_prio_reserve error when not the last parameter
>  -- When fixing runaway jobs, change to reroll from earliest submit time, and
>     never reroll from Unix epoch.
>  -- Display submit time when running sacctmgr show runawayjobs and add format
>     option to display eligible time.
>  -- jobcomp/elasticsearch - fix minor race related to JobCompLoc setup.
>  -- For HetJobs, ensure SLURM_PACK_JOB_ID is set regardless of whether
>     PrologFlags=Alloc is enabled.
>  -- Fix PriorityFlags regression with the mutation of FAIR_TREE to NO_FAIR_TREE.
>  -- select/cons_res - fix debug flag SelectType handling in select_p_job_test.
>  -- Fix sacctmgr archive dump commit confirmation.
>  -- Prevent extra resources from being allocated when combining certain flags.
>  -- Cray - fix template generator with updated cray_aries plugin names.
>  -- accounting_storage/slurmdbd - provide additional detail in several error
>     messages.
>  -- Backfill - If a job has a time_limit guess the end time of a job better
>     if OverTimeLimit is Unlimited.
>  -- Remove premature call to get system gpus before querying fake gpus that
>     should override the real.
>  -- Fix segfault in epilog_set_env() when gres_devices is NULL.
>  -- Fix (un)supported states in sacct.
>  -- Adjust build system to no longer use the AC_FUNC_MALLOC autoconf macro.
>  -- srun - restore the --cpu_bind option to srun.
>  -- Add UsageFactorSafe QOS flag to control applying UsageFactor at
>     submission/scheduling time.
>  -- Create missing reservations on DBD_MODIFY_RESV.
>  -- Add error message when attempting to update association manager and object
>     doesn't exist.
>  -- Fix security issue in accounting_storage/mysql plugin on archive file loads
>     by always escaping strings within the slurmdbd. CVE-2019-12838.

> * Changes in Slurm 18.08.7
> ==========================
>  -- Set debug statement to debug2 to avoid benign error messages.
>  -- Add SchedulerParameters option of bf_hetjob_immediate to attempt to start
>     a heterogeneous job as soon as all of its components are determined able to
>     do so.
>  -- Fix underflow causing decay thread to exit.
>  -- Fix main scheduler not considering hetjobs when building the job queue.
>  -- Fix regression for sacct to display old jobs without a start time.
>  -- Fix setting correct number of gres topology bits.
>  -- Update hetjobs pending state reason when appropriate.
>  -- Fix accounting_storage/filetxt's understanding of TRES.
>  -- Set Accrue time when not enforcing limits.
>  -- Fix srun segfault when requesting a hetjob with test_exec or bcast options.
>  -- Hide multipart priorities log message behind Priority debug flag.
>  -- sched/backfill - Make hetjobs sensitive to bf_max_job_start.
>  -- Fix slurmctld segfault due to job's partition pointer NULL dereference.
>  -- Fix issue with OR'ed job dependencies.
>  -- Add new job's bit_flags of INVALID_DEPEND to prevent rebuilding a job's
>     dependency string when it has at least one invalid and purged dependency.
>  -- Promote federation unsynced siblings log message from debug to info.
>  -- burst_buffer/cray - fix slurmctld SIGABRT due to illegal read/writes.
>  -- burst_buffer/cray - fix memory leak due to unfreed job script content.
>  -- node_features/knl_cray - fix script_argv use-after-free.
>  -- burst_buffer/cray - fix script_argv use-after-free.
>  -- Fix invalid reads of size 1 due to non null-terminated string reads.
>  -- Add extra debug2 logs to identify why BadConstraints reason is set.
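The security item in the 19.05.1 notes above (CVE-2019-12838, "always escaping strings within the slurmdbd" on archive file loads) describes a classic pattern: a string read from an archive file is spliced into SQL text before it reaches the database. The following is an added illustration of that bug class and of the two standard defences, not Slurm's code. It is written against Python's bundled sqlite3 so it runs offline; the table name, column names, the admin_level field and the sample archive values are all constructed for the demo and do not correspond to slurmdbd's real schema.

```python
"""Unescaped vs. escaped SQL built from an archive-file string field.

This is an illustration of the bug class behind CVE-2019-12838, not
Slurm's own code.  Slurm's accounting_storage/mysql plugin talks to
MySQL/MariaDB; sqlite3 is used here only so the demo runs offline.
The table, column and field values below are constructed assumptions.
"""
import sqlite3

# Constructed sample input.  'sacctmgr archive load' reads records back
# from an archive file, so if that file was tampered with, every string
# field in it is attacker-controlled.  This value closes the literal and
# the first value tuple early, then opens a second tuple so the statement
# stays syntactically valid (no comment trick needed).
HOSTILE_NAME = "evil', 9), ('dummy"
BENIGN_NAME = "proj_a"

# Assumed schema for the demo: a name plus a privilege-like integer column.
SCHEMA = "CREATE TABLE acct_table (name TEXT, admin_level INTEGER)"


def fresh_db():
    """Return a new in-memory database with the demo table."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    return con


def _rows(con):
    return con.execute(
        "SELECT name, admin_level FROM acct_table ORDER BY rowid"
    ).fetchall()


def vulnerable_load(con, name):
    """Before-the-fix pattern: the field is spliced into the SQL text as-is.

    With HOSTILE_NAME the statement becomes
      INSERT ... VALUES ('evil', 9), ('dummy', 0)
    and the loader silently inserts a row with admin_level 9.
    """
    sql = "INSERT INTO acct_table (name, admin_level) VALUES ('%s', 0)" % name
    con.execute(sql)
    return _rows(con)


def escape_string(s):
    """Escape a value for use inside a single-quoted SQL literal.

    SQLite's rule is to double the quote.  MySQL/MariaDB also interpret
    backslashes, so production code should use the client library's
    charset-aware escape routine (or bound parameters) rather than a
    hand-written one like this demo helper.
    """
    return s.replace("'", "''")


def escaped_load(con, name):
    """After-the-fix pattern: every string is escaped before splicing.

    The hostile value is stored verbatim as the name and the row keeps
    the intended admin_level of 0.
    """
    sql = "INSERT INTO acct_table (name, admin_level) VALUES ('%s', 0)" % (
        escape_string(name)
    )
    con.execute(sql)
    return _rows(con)


def parameterized_load(con, name):
    """Equivalent defence with bound parameters: the value never becomes
    part of the SQL text, so no escaping rules need to be remembered."""
    con.execute(
        "INSERT INTO acct_table (name, admin_level) VALUES (?, 0)", (name,)
    )
    return _rows(con)


if __name__ == "__main__":
    print("vulnerable:   ", vulnerable_load(fresh_db(), HOSTILE_NAME))
    print("escaped:      ", escaped_load(fresh_db(), HOSTILE_NAME))
    print("parameterized:", parameterized_load(fresh_db(), HOSTILE_NAME))
    print("benign value: ", vulnerable_load(fresh_db(), BENIGN_NAME))
```

Note that the benign value behaves identically in all three paths, which is why this class of bug survives ordinary testing: only a field containing a quote character exposes the difference, and archive files are rarely fed hostile content in a test suite. Either defence closes the hole; bound parameters are preferable where the client library offers them because they do not depend on matching the server's quoting dialect.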
