Overview

File _patchinfo of Package patchinfo.26095

<patchinfo incident="26095">
  <issue tracker="bnc" id="1199278">VUL-0: CVE-2022-29500: slurm_20_02,slurm_18_08,slurm_20_11,slurm,slurmlibs: architectural flaw can be exploited to allow an unprivileged user to execute arbitrary processes as root</issue>
  <issue tracker="bnc" id="1186646">"qstat -u user_id"  prints an extraneous message related to printf.</issue>
  <issue tracker="bnc" id="1201674">VUL-0: CVE-2022-31251: slurm: %post for slurm-testsuite operates as root in user owned directory</issue>
  <issue tracker="bnc" id="1199279">VUL-0: CVE-2022-29501: slurm_20_02,slurmlibs,slurm_20_11,slurm,slurm_18_08: Unprivileged user can send data to arbitrary unix socket as root</issue>
  <issue tracker="cve" id="2022-29500"/>
  <issue tracker="cve" id="2022-31251"/>
  <issue tracker="cve" id="2022-29501"/>
  <packager>eeich</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for slurm_20_02</summary>
  <description>This update for slurm_20_02 fixes the following issues:


- CVE-2022-31251: Fixed security vulnerability in the test package (bsc#1201674).
- CVE-2022-29500: Fixed architectural flaw that can be exploited to allow an unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed vulnerability where an unprivileged user can send data to arbitrary unix socket as root (bsc#1199279).

Bugfixes:
- Fixed qstat error message (torque wrapper) (bsc#1186646).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places