1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 5547-1] pmix security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Nov 4 11:20:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5547-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso November 04, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : pmix
    CVE ID : CVE-2023-41915
    Debian Bug : 1051729

    Francois Diakhate reported that a race condition in pmix, a library implementing Process Management Interface (PMI) Exascale API, could
    allow a malicious user to obtain ownership of an arbitrary file on the filesystem when parts of the PMIx library are called by a process with
    elevated privileges, resulting in privilege escalation. This may
    happen under the default configuration of certain workload managers,
    including Slurm.

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 4.0.0-4.1+deb11u1.

    For the stable distribution (bookworm), this problem has been fixed in
    version 4.2.2-1+deb12u1.

    We recommend that you upgrade your pmix packages.

    For the detailed security status of pmix please refer to its security
    tracker page at:
    https://security-tracker.debian.org/tracker/pmix

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVGGG5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0QdMQ/7B+6JnojbADILfhhKuVY0hFentvOj1ShNb9+m3xLCE/ZQGBtlddCmCdr1 DqOFYZ+VoxzpOSYP+uobZjo0qvisCdiig/+Pyp6zfYiYxUXoRSCU+2G9MWbxeCwS am/xKmOVAN7h4sN7slu+hpuZf/Xr7fHJ3mmBVkq3a5Q3easj12TMmgtG0zKbQAgx Is6HjfPkOmy3VCmMvZNlGdyVhKgaNsZt3EB8cvG70tOZtNzODKM38HVWGmKUmiSC 9Wm5tP12S0Ms/sZY5A3Cmehgojhdibd8AV4ef7OB3ibB2sK6ix1ddJN8De9pQRvS 77yJ8B5nztaiEr9vXsj/OK1IJBT5zru7KbeQvxhNZZ9F5mjYL24hTlBOO4ZnsdAV XoO3l0yk3bq4asvECywleu+XVWgtOYpMvuJfheKGulzYH/z496yuU4DUKl7qrMki kfUjDhXJEnJ8AdtqLlVfW80Nx5mUaunO0O2Bn7inhHqjc6qZ2QJCIME5A0EvXS42 VYczBwPBhUv3rvFfQ/zTjaIXmrnjwsHNzPkSWupOUeOAHdurC25IWFbIGwbsQRQd Y89m6jMM8z6RazZ/5HKagxfRDxws5VBRKCnTs2npMQlh/E+EV/k6BMDnPVm+wNVy qWY8gh1t6nEwMvMm8lBb3xHeQaM8ZcxjKoQTOL1zmLmZMn61ZpA=
    =GhRh
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)