File _patchinfo of Package patchinfo.32295
<patchinfo incident="32295">
<issue tracker="cve" id="2023-49937"/>
<issue tracker="cve" id="2023-49938"/>
<issue tracker="cve" id="2023-49936"/>
<issue tracker="cve" id="2023-49933"/>
<issue tracker="bnc" id="1218051">VUL-0: CVE-2023-49937: slurm,slurm_22_05,slurm_23_02: double free</issue>
<issue tracker="bnc" id="1216869">slurm-sview illogically updates to slurm_23_02-sview</issue>
<issue tracker="bnc" id="1217711">[Slurm, slurmrestd] service file missing for slurmrestd</issue>
<issue tracker="bnc" id="1218046">VUL-0: CVE-2023-49933: slurm,slurm_22_05,slurm_23_02: Improper Enforcement of Message Integrity</issue>
<issue tracker="bnc" id="1218050">VUL-0: CVE-2023-49936: slurm,slurm_22_05,slurm_23_02: null pointer dereference</issue>
<issue tracker="bnc" id="1218053">VUL-0: CVE-2023-49938: slurm,slurm_22_05,slurm_23_02: incorrect access control</issue>
<packager>eeich</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for slurm_22_05</summary>
<description>This update for slurm_22_05 fixes the following issues:

Update to slurm 22.05.11:

Security fixes:

- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)

Other fixes:

- Add missing service file for slurmrestd (bsc#1217711).
- Fix slurm upgrading to incompatible versions (bsc#1216869).
</description>
</patchinfo>