-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3643-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Chris Lamb October 31, 2023 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : pmix Version : 3.1.2-3+deb10u1 CVE ID : CVE-2023-41915 Debian Bug : 1051729 It was discovered that there was an arbitrary file overwrite vulnerability in pmix, a library used in parallel/cluster computing. Attackers could have obtained ownership of arbitrary files via a symlink-related race condition during execution of library code with UID 0. For Debian 10 buster, this problem has been fixed in version 3.1.2-3+deb10u1. We recommend that you upgrade your pmix packages. For the detailed security status of pmix please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pmix Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmVBKFYACgkQHpU+J9Qx HlhwaQ//Wvxx47p4W+/8bvD1TpnEUdq3sLkAzzXL8S4w1BMhQfTqqAi7Nnuh0cez 1AGQN3msm+aowkQGyVzkrKGDmOJ/DTcNZxvEOl9R2HoAK/FmLW7FQ2f68g1Zc/lu RKS1jFSU53b9InbDBucRDAdPgqOsEnKJ3SEfVR34Gn9yEZ3l4VzF7Wy97rjaDAOC 2vNFmZI2hE6D3wvRu4KvwjJGBAeaPX+LQ/XhAp8veoMDjhG89YgVMZyCjKmJ/zDf OgqejwToGoYiuDgU9+yTY5Bf+qL2inXZeWX6VYZHYPNfwaHy7zUa1uKVZc7WnqmN KA2uYoF8iguQEond/o4GN3oqLLPdNv7Svsu61ak9joir2dbI4AQDOdcivwB5S6C0 GPZ5fn+GO1uN4fQIApelnb4cnhGL+ElW4kqfLogPjWt2eCQnDU1cUztOyQRuZ/sL D2ZOpUBvQVuwhmB0jOm4XHUr9oJf8g5VZvFYQtIxYcENLQs2kBKRjAq0Yx1Bjno7 H9JPHgAOhMaRCMJDGoh58LHu/kXegn4Kn3i74hbrJ7XSXVaM99iuPwlQvhrlmVZJ fAgFugQFGGYq46UtojG4UYaN4YEADUKdNWd8Bb9ZU3zs9oiqtMwrN8r65a74shGa iBaR1lG9HLj7BcoklN/wOeukqRz24lIElH6/zmFWKS6PdHXW2y8= =wZoD -----END PGP SIGNATURE-----
