File _patchinfo of Package patchinfo.32306

<patchinfo incident="32306">
  <issue tracker="cve" id="2023-49936"/>
  <issue tracker="cve" id="2023-49938"/>
  <issue tracker="cve" id="2023-49933"/>
  <issue tracker="cve" id="2023-49937"/>
  <issue tracker="bnc" id="1218050">VUL-0: CVE-2023-49936: slurm,slurm_22_05,slurm_23_02: null pointer dereference</issue>
  <issue tracker="bnc" id="1218051">VUL-0: CVE-2023-49937: slurm,slurm_22_05,slurm_23_02: double free</issue>
  <issue tracker="bnc" id="1218046">VUL-0: CVE-2023-49933: slurm,slurm_22_05,slurm_23_02: Improper Enforcement of Message Integrity</issue>
  <issue tracker="bnc" id="1216869">slurm-sview illogically updates to slurm_23_02-sview</issue>
  <issue tracker="bnc" id="1218053">VUL-0: CVE-2023-49938: slurm,slurm_22_05,slurm_23_02: incorrect access control</issue>
  <packager>eeich</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for slurm_20_02</summary>
  <description>This update for slurm_20_02 fixes the following issues:

Security fixes:

- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

- Fix slurm upgrading to incompatible versions (bsc#1216869).
</description>
</patchinfo>
