Fedora 38 : slurm (2022-6a9dc1d46b)

critical Nessus Plugin ID 211087

Synopsis

The remote Fedora host is missing one or more security updates.

Description

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-6a9dc1d46b advisory.

Automatic update for slurm-22.05.6-1.fc38.

##### **Changelog**

```
* Sun Nov 27 2022 Philip Kovacs <[email protected]> - 22.05.6-1
- Update to 22.05.6 (#2131112)
- Update deprecated vars in slurm.conf (#2133159)
* Tue Sep 6 2022 Philip Kovacs <[email protected]> - 22.05.3-2
- Add slurm to epel9 (#2072632); update spec for epel 7/8/9
- Use * Mon Nov 28 2022 Fedora Project - 22.05.6-1.fc38
- local build macro; add changelog file
* Mon Sep 5 2022 Philip Kovacs <[email protected]> - 22.05.3-1
- Update to 22.05.3
- Thanks Cristian Le ([email protected]) for his contributions
* Sat Jul 23 2022 Fedora Release Engineering <[email protected]> - 21.08.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon May 30 2022 Jitka Plesnikova <[email protected]> - 21.08.8-3
- Perl 5.36 rebuild
* Mon May 9 2022 Philip Kovacs <[email protected]> - 21.08.8-2
- Update to 21.08.8-2 (upstream re-release)
* Thu May 5 2022 Carl George <[email protected]> - 21.08.8-1
- Update to 21.08.8, resolves: rhbz#2082276
- Fix CVE-2022-29500, resolves: rhbz#2082286
- Fix CVE-2022-29501, resolves: rhbz#2082289
- Fix CVE-2022-29502, resolves: rhbz#2082293
* Sat Apr 2 2022 Philip Kovacs <[email protected]> - 21.08.6-1
- Update to 21.08.6
* Sat Jan 22 2022 Fedora Release Engineering <[email protected]> - 21.08.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Jan 14 2022 Philip Kovacs <[email protected]> - 21.08.5-1
- Update to 21.08.5
* Sun Nov 21 2021 Orion Poplawski <[email protected]> - 21.08.4-2
- Rebuild for hdf5 1.12.1
* Wed Nov 17 2021 Philip Kovacs <[email protected]> - 21.08.4-1
- Update to 21.08.4
- Closes security issue CVE-2021-43337
* Sun Oct 31 2021 Philip Kovacs <[email protected]> - 21.08.2-2
- Correct log rotation problems (#2016683, #2018508)
* Fri Oct 8 2021 Philip Kovacs <[email protected]> - 21.08.2-1
- Update to 21.08.2
- Added Fedora patches to support pmix v4
- Remove slurm-pmi(-devel) subpackages
* Tue Aug 10 2021 Orion Poplawski <[email protected]> - 20.11.8-4
- Rebuild for hdf5 1.10.7
* Fri Jul 23 2021 Fedora Release Engineering <[email protected]> - 20.11.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jul 10 2021 Björn Esser <[email protected]> - 20.11.8-2
- Rebuild for versioned symbols in json-c
* Sat Jul 3 2021 Philip Kovacs <[email protected]> - 20.11.8-1
- Update to 20.11.8
* Tue May 25 2021 Jitka Plesnikova <[email protected]> - 20.11.7-4
- Perl 5.34 re-rebuild updated packages
* Mon May 24 2021 Philip Kovacs <[email protected]> - 20.11.7-3
- Move auth_jwt.so plugin to base package (#1947878)
* Fri May 21 2021 Jitka Plesnikova <[email protected]> - 20.11.7-2
- Perl 5.34 rebuild
* Sat May 15 2021 Philip Kovacs <[email protected]> - 20.11.7-1
- Update to 20.11.7
- Closes security issue CVE-2021-31215
* Tue May 4 2021 Philip Kovacs <[email protected]> - 20.11.6-1
- Release of 20.11.6
* Mon Apr 12 2021 Philip Kovacs <[email protected]> - 20.11.5-2
- Add subpackage slurm-slurmrestd (Slurm REST API daemon)
* Fri Mar 26 2021 Philip Kovacs <[email protected]> - 20.11.5-1
- Release of 20.11.5
* Tue Mar 2 2021 Zbigniew Jędrzejewski-Szmek <[email protected]> - 20.11.3-3
- Rebuilt for updated systemd-rpm-macros. See https://pagure.io/fesco/issue/2583.
* Wed Jan 27 2021 Fedora Release Engineering <[email protected]> - 20.11.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jan 19 2021 Philip Kovacs <[email protected]> - 20.11.3-1
- Release of 20.11.3
* Wed Jan 6 2021 Philip Kovacs <[email protected]> - 20.11.2-2
- Minor spec adjustments
* Tue Jan 5 2021 Philip Kovacs <[email protected]> - 20.11.2-1
- Release of 20.11.2

```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected slurm package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2022-6a9dc1d46b

Plugin Details

Severity: Critical

ID: 211087

File Name: fedora_2022-6a9dc1d46b.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/14/2024

Updated: 11/14/2024

Supported Sensors: Agentless Assessment, continuous_assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-29501

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2022-29502

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:38, p-cpe:/a:fedoraproject:fedora:slurm

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/28/2022

Vulnerability Publication Date: 5/13/2021

Reference Information

CVE: CVE-2021-31215, CVE-2021-43337, CVE-2022-29500, CVE-2022-29501, CVE-2022-29502