It is my understanding that it is a different issue than pmix. So to be fully protected, you would need to build the latest/fixed pmix and rebuild slurm using that (or just keep pmix disabled), AND have this latest version of slurm with their fix for their own vulnerability.
Rob ________________________________ From: slurm-users <slurm-users-boun...@lists.schedmd.com> on behalf of Gerhard Strangar <g...@arcor.de> Sent: Friday, October 13, 2023 1:08 PM To: slurm-users@lists.schedmd.com <slurm-users@lists.schedmd.com> Subject: Re: [slurm-users] Slurm versions 23.02.6 and 22.05.10 are now available (CVE-2023-41914) Tim Wickberg wrote: > A number of race conditions have been identified within the > slurmd/slurmstepd processes that can lead to the user taking ownership > of an arbitrary file on the system. Is it any different than the CVE-2023-41915 in PMIx or does it just have an additional number but it's the same issue? Or did anyone mis-type the number? I couldn't find any information on CVE-2023-41914. Gerhard