Those CVEs are indeed for different software (one for PMIx, one for Slurm), even though they're ultimately for the same kind of underlying problem (chown() being used instead of lchown(), which could lead to taking over privileged files).
The Slurm patches include more fixes related to permissions and race conditions, but both vulnerabilities have been discovered and reported by the same person (Hi François! ;).

Cheers,
--
Kilian

On Mon, Oct 16, 2023 at 9:48 AM Christopher Samuel <ch...@csamuel.org> wrote:
>
> On 10/16/23 08:22, Groner, Rob wrote:
>
> > It is my understanding that it is a different issue than pmix.
>
> That's my understanding too. The PMIx issue wasn't in Slurm, it was in
> the PMIx code that Slurm was linked to. This CVE is for Slurm itself.
>
> --
> Chris Samuel : http://www.csamuel.org/ : Berkeley, CA, USA
>
>

--
Kilian
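
An added example, not part of the email thread and not code from the Slurm or PMIx patches, of the symlink-safe ownership change the message refers to. lchown() is the fix named above; this example uses the descriptor-based variant, open() with O_NOFOLLOW followed by fchown(), which also removes the gap between checking the path and changing it. The helper name `chown_nofollow` and the temporary paths are assumptions, and the ELOOP check reflects Linux behaviour.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): chown the object at `path`
 * only if the final component is a real file or directory, never a symlink.
 * O_NOFOLLOW guards the last component only; parent dirs must be trusted. */
int chown_nofollow(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                      /* ELOOP when path is a symlink */
    /* Work on the descriptor so a later swap of the path cannot redirect us. */
    int rc = fstat(fd, &st);
    if (rc == 0 && !S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) {
        errno = EINVAL;
        rc = -1;
    }
    if (rc == 0)
        rc = fchown(fd, uid, gid);
    close(fd);
    return rc;
}

/* Constructed scenario: a file and a symlink to it in a fresh temp dir.
 * Returns 0 when the symlink is refused and the real file is accepted. */
int demo(void)
{
    char dir[] = "/tmp/chown_demo_XXXXXX", target[64], lnk[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    int fd = open(target, O_CREAT | O_WRONLY, 0600);
    if (fd < 0 || close(fd) < 0 || symlink(target, lnk) < 0) return -1;
    /* Same uid/gid as the caller, so no privilege is needed to run this. */
    int via_link = chown_nofollow(lnk, geteuid(), getegid());
    int link_errno = errno;
    int direct = chown_nofollow(target, geteuid(), getegid());
    unlink(lnk); unlink(target); rmdir(dir);
    return (via_link == -1 && link_errno == ELOOP && direct == 0) ? 0 : 1;
}

int main(void) { printf("demo: %s\n", demo() == 0 ? "ok" : "FAILED"); return 0; }
```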