Skip to content

PMIx v3.2.5
Compare
Choose a tag to compare
@rhc54 rhc54 released this 12 Sep 20:08
· 1715 commits to master since this release
v3.2.5
29b6ce8
This commit was signed with the committer’s verified signature.
rhc54 Ralph Castain
GPG key ID: 07C041408F221846
Learn about vigilant mode.

This is a final critical bug fix release in the v3.2 series

WARNING: CVE-2023-41915

A security issue was reported by François Diakhate (CEA)
which is addressed in the PMIx v4.2.6 and v5.0.1 releases.
Older PMIx versions may be vulnerable, but are no longer
supported - however, since multiple users have stated a
desire for updated older versions, we are releasing them
without making any claims of further support.

A filesystem race condition could permit a malicious user
to obtain ownership of an arbitrary file on the filesystem
when parts of the PMIx library are called by a process
running as uid 0. This may happen under the default
configuration of certain workload managers, including Slurm.

Detailed changes include:

  • PR #3156 Do not follow links when doing "chown"

SHASUMS

031c646387956fa9e928f7a62e04ed4629098233  pmix-3.2.5.tar.bz2
019be2e1dfc7ff28f47dc0f82cbdfec12ae0730c  pmix-3.2.5.tar.gz
59a5a37c2765e5b9547f1d4686106cffac9e972a  pmix-3.2.5-1.src.rpm
Assets 5