PMIx v3.2.5
This is a final critical bug fix release in the v3.2 series
WARNING: CVE-2023-41915
A security issue was reported by François Diakhate (CEA)
which is addressed in the PMIx v4.2.6 and v5.0.1 releases.
Older PMIx versions may be vulnerable, but are no longer
supported - however, since multiple users have stated a
desire for updated older versions, we are releasing them
without making any claims of further support.
A filesystem race condition could permit a malicious user
to obtain ownership of an arbitrary file on the filesystem
when parts of the PMIx library are called by a process
running as uid 0. This may happen under the default
configuration of certain workload managers, including Slurm.
Detailed changes include:
- PR #3156 Do not follow links when doing "chown"
SHASUMS
031c646387956fa9e928f7a62e04ed4629098233 pmix-3.2.5.tar.bz2
019be2e1dfc7ff28f47dc0f82cbdfec12ae0730c pmix-3.2.5.tar.gz
59a5a37c2765e5b9547f1d4686106cffac9e972a pmix-3.2.5-1.src.rpm