Skip to content

PMIx v4.0.1
Compare
Choose a tag to compare
@rhc54 rhc54 released this 12 Sep 20:13
· 1378 commits to master since this release
v4.0.1
42e302b
This commit was signed with the committer’s verified signature.
rhc54 Ralph Castain
GPG key ID: 07C041408F221846
Learn about vigilant mode.

This is a final critical bug fix release in the v4.0 series

WARNING: CVE-2023-41915

A security issue was reported by François Diakhate (CEA)
which is addressed in the PMIx v4.2.6 and v5.0.1 releases.
Older PMIx versions may be vulnerable, but are no longer
supported - however, since multiple users have stated a
desire for updated older versions, we are releasing them
without making any claims of further support.

A filesystem race condition could permit a malicious user
to obtain ownership of an arbitrary file on the filesystem
when parts of the PMIx library are called by a process
running as uid 0. This may happen under the default
configuration of certain workload managers, including Slurm.

Detailed changes include:

  • PR #3155 Do not follow links when doing "chown"

SHASUMS

5c8cc5d61b27aaba47e86f8d27d3ddb2e73c92b8  pmix-4.0.1.tar.bz2
23b510f61dac4e4a1fac07708a57797c388c5f0f  pmix-4.0.1.tar.gz
996766a6fe57da170bad999496c0a184c6761da8  pmix-4.0.1-1.src.rpm
Assets 5