Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5547-1] pmix security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5547-1] pmix security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5547-1] pmix security update
  • Date: Sat, 04 Nov 2023 10:12:09 +0000
  • Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
  • List-archive: https://lists.debian.org/msgid-search/E1qzDdR-00BnDd-Q0 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=RUa0reDQJaDzs3cydNr5Y+4ZN0hZT/wwyCKV+7iN+6k=; b=o4 HUlrupIUE1gdmfKLmylVQizGWFawQm0G2U7jLN/VWeqN8m+cYSjogx9GmWaTWGCo1f5yOWCrHsuiY m5zC1o8/spP0Wmd7rygsX5eL3Y3dVwHfe3KCGe9Gxs/3SdTWnpFGP1vKm4yJfnsAihsVaL6pXDKCz kXSuYmF2EaKw8AaZQApbp10mml0ME/JHYnu9XHjSIMku1bSOXl1qokOVxFbcnpFIcZhami0pmM2dP 71lOqEQGBpyhD5cMsOZH06F6eEtt5KBKtKNntiUTV37ke9hk2SCCLHAXb42SNbc03fvaD2au4VyxS acFy55o91wi0v3vZNxZERV9Z88jsVEwg==;
  • Old-return-path: <carnil AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sat, 4 Nov 2023 10:12:34 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <TnsaBgQ03dD.A.HMB.RkhRlB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5547-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
November 04, 2023 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : pmix
CVE ID : CVE-2023-41915
Debian Bug : 1051729

Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4.0.0-4.1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 4.2.2-1+deb12u1.

We recommend that you upgrade your pmix packages.

For the detailed security status of pmix please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/pmix

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmVGGG5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QdMQ/7B+6JnojbADILfhhKuVY0hFentvOj1ShNb9+m3xLCE/ZQGBtlddCmCdr1
DqOFYZ+VoxzpOSYP+uobZjo0qvisCdiig/+Pyp6zfYiYxUXoRSCU+2G9MWbxeCwS
am/xKmOVAN7h4sN7slu+hpuZf/Xr7fHJ3mmBVkq3a5Q3easj12TMmgtG0zKbQAgx
Is6HjfPkOmy3VCmMvZNlGdyVhKgaNsZt3EB8cvG70tOZtNzODKM38HVWGmKUmiSC
9Wm5tP12S0Ms/sZY5A3Cmehgojhdibd8AV4ef7OB3ibB2sK6ix1ddJN8De9pQRvS
77yJ8B5nztaiEr9vXsj/OK1IJBT5zru7KbeQvxhNZZ9F5mjYL24hTlBOO4ZnsdAV
XoO3l0yk3bq4asvECywleu+XVWgtOYpMvuJfheKGulzYH/z496yuU4DUKl7qrMki
kfUjDhXJEnJ8AdtqLlVfW80Nx5mUaunO0O2Bn7inhHqjc6qZ2QJCIME5A0EvXS42
VYczBwPBhUv3rvFfQ/zTjaIXmrnjwsHNzPkSWupOUeOAHdurC25IWFbIGwbsQRQd
Y89m6jMM8z6RazZ/5HKagxfRDxws5VBRKCnTs2npMQlh/E+EV/k6BMDnPVm+wNVy
qWY8gh1t6nEwMvMm8lBb3xHeQaM8ZcxjKoQTOL1zmLmZMn61ZpA=
=GhRh
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5547-1] pmix security update, Salvatore Bonaccorso, 04.11.2023

Archiv bereitgestellt durch MHonArc 2.6.24.

Seitenanfang