PT-2024-41393 · Opensuse+1 · Pdsh+6

Published

2024-10-15

·

Updated

2025-02-24

·

CVE-2024-42511

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
This update for slurm and pdsh fixes the following issues:
slurm was updated to version 24.11.1 using package slurm 24 11:
  • Security issues fixed:
  • CVE-2024-48936: Fixed authentication handling in stepmgr that could permit an attacker to execute processes under other users' jobs (bsc#1236722)
  • CVE-2024-42511: Fixed vulnerability with switch plugins where a user could override the isolation between Slingshot VNIs or IMEX channels (bsc#1236726)
  • Important remarks:
  • Slurm can be upgraded from version 23.02, 23.11 or 24.05 to version 24.11 without loss of jobs or other state information. Upgrading directly from an earlier version of Slurm will result in loss of state information.
  • If using the slurmdbd (Slurm DataBase Daemon) you must update this first.
  • The 24.11 slurmdbd will work with Slurm daemons of version 23.02 and above. You will not need to update all clusters at the same time, but it is very important to update slurmdbd first and having it running before updating any other clusters making use of it.
  • If using a backup DBD you must start the primary first to do any database conversion, the backup will not start until this has happened.
  • All SPANK plugins must be recompiled when upgrading from any Slurm version prior to 24.11.
  • Highlights of changes:
  • Fixed issues related to the modified startup handling for slurmdbd: moved PID file to /run/slurmdbd (bsc#1236928)
  • Create slurm-owned log file on behalf of slurmdbd (bsc#1236929)
  • Added report AccountUtilizationByQOS to sreport.
  • AccountUtilizationByUser is able to be filtered by QOS.
  • Added autodetected gpus to the output of slurmd -C
  • Added ability to submit jobs with multiple QOS. These are sorted by priority highest being the first.
  • Removed the instant on feature from switch/hpe slingshot.
  • slurmctld : Changed incoming RPC handling to dedicated thread pool with asynchronous handling of I/O that can be configured via conmgr * entries under SlurmctldParameters in slurm.conf.
  • Configuration File Changes (see appropriate man page for details)
  • Added SchedulerParameters=bf allow magnetic slot option. It allows jobs in magnetic reservations to be planned by backfill scheduler.
  • Added TopologyParam=TopoMaxSizeUnroll=# to allow --nodes=<min>-<max> for topology/block.
  • Added DataParserParameters slurm.conf parameter to allow setting default value for CLI --json and --yaml arguments.
  • Hardware collectives in switch/hpe slingshot now requires enable stepmgr.
  • Added connection related parameters to slurm.conf under SlurmctldParameters: conmgr max connections: Defaults to 150 connections. conmgr threads: Defaults to 64 threads for slurmctld. conmgr use poll: Defaults is to use epoll in Linux. conmgr connect timeout: Defaults to MessageTimeout. conmgr read timeout: Defaults to MessageTimeout. conmgr wait write delay: Defaults to MessageTimeout. conmgr write timeout: Defaults to MessageTimeout.
  • Added SlurmctldParamters=ignore constraint validation to ignore constraint/feature validation at submission.
  • Added SchedulerParameters=bf topopt enable option to enable experimental hook to control backfill.
  • Command Changes (see man pages for details):
  • Remove srun --cpu-bind=rank.
  • Add '%b' as a file name pattern for the array task id modulo 10.
  • sacct : Respect --noheader for --batch-script and --env-vars.
  • Add sacctmgr ping command to query status of slurmdbd.
  • sbcast : Add --nodelist option to specify where files are transmitted to
  • sbcast : Add --no-allocation option to transmit files to nodes outside of a job allocation.
  • slurmdbd : Add -u option. This is used to determine if restarting the DBD will result in database conversion.
  • Remove salloc --get-user-env.
  • scontrol : Add --json/--yaml support to listpids.
  • scontrol : Add liststeps.
  • scontrol : Add listjobs.
  • scontrol show topo : Show aggregated block sizes when using topology/block.
  • API Changes:
  • Remove burst buffer/lua call slurm.job info to string().
  • job submit/lua : Add assoc qos attribute to job desc to display all potential QOS's for a job's association.
  • job submit/lua : Add slurm.get qos priority() function to retrieve the given QOS's priority.
  • SLURMRESTD Changes:
  • Removed fields deprecated in the Slurm-23.11 release from v0.0.42 endpoints.
  • Removed v0.0.39 plugins.
  • Set data parser/v0.0.42+prefer refs flag to default.
  • Add data parser/v0.0.42+minimize refs flag to inline single referenced schemas in the OpenAPI schema to get default behavior of data parser/v0.0.41.
  • Rename v0.0.42 JOB INFO field minimum switches to required switches to reflect the actual behavior.
  • Rename v0.0.42 ACCOUNT CONDITION field assocation to association (typo).
  • Tag slurmdb/v0.0.42/jobs pid field deprecated.
  • For details on the changes in this version update, consult Slurm 24.11 changelog
pdsh was updated from version 2.34 to 2.35:
  • IMPORTANT NOTE: pdsh version 2.35 is not compatible with Slurm versions below 20.11
  • Key changes of version 2.35:
  • Added -d option to log errors
  • build: use LDADD instead of LDFLAGS for libcommon.la
  • dsbak: fixed handling of empty input lines
  • ssh: fixed sshcmd signal on macos
  • Other changes:
  • Fixed version test for munge build (bsc#1236156)
  • Dropped Slurm support for s390x and i586: Slurm no longer builds for s390x or 32bit
  • Implementation of package pdsh-slurm 24 11 compatible with Slurm 24.11

Related Identifiers

CVE-2024-42511
OPENSUSE-SU-2024:14404-1
SUSE-FU-2025:0660-1
SUSE-FU-2025:0661-1

Affected Products

Pdsh
Pdsh Slurm 20 11
Pdsh Slurm 22 05
Pdsh Slurm 23 02
Pdsh Slurm 24 11
Slurm
Slurm 24 11