Summary: | <sys-cluster/pmix-4.2.8: root privilege escalation | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Timo Rothenpieler <timo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | UNCONFIRMED --- | ||
Severity: | trivial | CC: | cluster |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~1 [noglsa cleanup] | ||
Package list: | Runtime testing required: | --- |
Description
Timo Rothenpieler
2023-09-18 12:54:50 UTC
CVE-2023-41915: OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. Fixes indeed appear to be in 4.2.6 and 5.0.1: https://github.com/openpmix/openpmix/releases/tag/v4.2.6 https://github.com/openpmix/openpmix/releases/tag/v5.0.1 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd296783cab97c794a2afb16c2049890ad357880 commit cd296783cab97c794a2afb16c2049890ad357880 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-12-20 10:03:19 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-12-20 10:03:29 +0000 sys-cluster/pmix: add 4.2.8 Bug: https://bugs.gentoo.org/914381 Signed-off-by: Sam James <sam@gentoo.org> sys-cluster/pmix/Manifest | 1 + sys-cluster/pmix/pmix-4.2.8.ebuild | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) |