File U_19-Add-NEWS-for-CVE-2023-41914.patch of Package slurm

Overview Repositories Revisions Requests Users Attributes Meta

File U_19-Add-NEWS-for-CVE-2023-41914.patch of Package slurm

From: Tim Wickberg <tim@schedmd.com>
Date: Wed Oct 11 12:45:25 2023 -0600
Subject: [PATCH 19/19]Add NEWS for CVE-2023-41914.
Patch-mainline: Upstream
Git-repo: https://github.com/SchedMD/slurm
Git-commit: 735c5520f69463f46858f5582b2eaa6615d75ae5
References: CVE-2022-29500, bsc#1216207
Signed-off-by: Egbert Eich <eich@suse.de>

Preceeding commits close a number of race conditions that could let
an attacker take control of an arbitrary file, or remove entire
directories' contents.
---
 NEWS | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/NEWS b/NEWS
index 3340c918a7..e09a25c119 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,12 @@
 This file describes changes in recent versions of Slurm. It primarily
 documents those changes that are of interest to users and administrators.
 
+* Backported changes
+====================
+ -- Fix filesystem handling race conditions that could lead to an attacker
+    taking control of an arbitrary file, or removing entire directories'
+    contents. CVE-2023-41914.
+
  -- CVE-2022-29500 - Prevent credential abuse.
  -- CVE-2022-29501 - Prevent abuse of REQUEST_FORWARD_DATA.

Places

File U_19-Add-NEWS-for-CVE-2023-41914.patch of Package slurm

Places