-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3643-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 31, 2023                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : pmix
Version        : 3.1.2-3+deb10u1
CVE ID         : CVE-2023-41915
Debian Bug     : 1051729

It was discovered that there was an arbitrary file overwrite
vulnerability in pmix, a library used in parallel/cluster computing.

Attackers could have obtained ownership of arbitrary files via a
symlink-related race condition during execution of library code with
UID 0. 

For Debian 10 buster, this problem has been fixed in version
3.1.2-3+deb10u1.

We recommend that you upgrade your pmix packages.

For the detailed security status of pmix please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/pmix

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmVBKFYACgkQHpU+J9Qx
HlhwaQ//Wvxx47p4W+/8bvD1TpnEUdq3sLkAzzXL8S4w1BMhQfTqqAi7Nnuh0cez
1AGQN3msm+aowkQGyVzkrKGDmOJ/DTcNZxvEOl9R2HoAK/FmLW7FQ2f68g1Zc/lu
RKS1jFSU53b9InbDBucRDAdPgqOsEnKJ3SEfVR34Gn9yEZ3l4VzF7Wy97rjaDAOC
2vNFmZI2hE6D3wvRu4KvwjJGBAeaPX+LQ/XhAp8veoMDjhG89YgVMZyCjKmJ/zDf
OgqejwToGoYiuDgU9+yTY5Bf+qL2inXZeWX6VYZHYPNfwaHy7zUa1uKVZc7WnqmN
KA2uYoF8iguQEond/o4GN3oqLLPdNv7Svsu61ak9joir2dbI4AQDOdcivwB5S6C0
GPZ5fn+GO1uN4fQIApelnb4cnhGL+ElW4kqfLogPjWt2eCQnDU1cUztOyQRuZ/sL
D2ZOpUBvQVuwhmB0jOm4XHUr9oJf8g5VZvFYQtIxYcENLQs2kBKRjAq0Yx1Bjno7
H9JPHgAOhMaRCMJDGoh58LHu/kXegn4Kn3i74hbrJ7XSXVaM99iuPwlQvhrlmVZJ
fAgFugQFGGYq46UtojG4UYaN4YEADUKdNWd8Bb9ZU3zs9oiqtMwrN8r65a74shGa
iBaR1lG9HLj7BcoklN/wOeukqRz24lIElH6/zmFWKS6PdHXW2y8=
=wZoD
-----END PGP SIGNATURE-----

Reply via email to