File U_19-Add-NEWS-for-CVE-2023-41914.patch of Package slurm.32299
From: Tim Wickberg <tim@schedmd.com>
Date: Wed Oct 11 12:45:25 2023 -0600
Subject: [PATCH 19/19]Add NEWS for CVE-2023-41914.
Patch-mainline: Upstream
Git-repo: https://github.com/SchedMD/slurm
Git-commit: 735c5520f69463f46858f5582b2eaa6615d75ae5
References: CVE-2022-29500, bsc#1216207
Signed-off-by: Egbert Eich <eich@suse.de>
Preceeding commits close a number of race conditions that could let
an attacker take control of an arbitrary file, or remove entire
directories' contents.
---
NEWS | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/NEWS b/NEWS
index 3340c918a7..e09a25c119 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
This file describes changes in recent versions of Slurm. It primarily
documents those changes that are of interest to users and administrators.
+* Backported changes
+====================
+ -- Fix filesystem handling race conditions that could lead to an attacker
+ taking control of an arbitrary file, or removing entire directories'
+ contents. CVE-2023-41914.
+
-- CVE-2022-29500 - Prevent credential abuse.
-- CVE-2022-29501 - Prevent abuse of REQUEST_FORWARD_DATA.