Ubuntu: 6434-1 Moderate: PMIx File Overwrite And Escalation Risk
ubuntu
October 18, 2023
PMIx could be made to overwrite files.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: PMIx could be made to overwrite files. Software Description: - pmix: Process Management Interface (Exascale) library - tools Details: Francois Diakhate discovered that PMIx did not properly handle race conditions in the pmix library, which could lead to unwanted privilege escalation. An attacker could possibly use this issue to obtain ownership of an arbitrary file on the filesystem, under the default configuration of the application.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS (Available with Ubuntu Pro): libpmix-bin 4.1.2-2ubuntu1+esm1 libpmix2 4.1.2-2ubuntu1+esm1 python3-pmix 4.1.2-2ubuntu1+esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): libpmi1-pmix 3.1.5-1ubuntu0.1~esm1 libpmi2-pmix 3.1.5-1ubuntu0.1~esm1 libpmix2 3.1.5-1ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libpmi1-pmix 2.1.1~rc1-1ubuntu0.1~esm1 libpmi2-pmix 2.1.1~rc1-1ubuntu0.1~esm1 libpmix2 2.1.1~rc1-1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-6434-1
CVE-2023-41915
PREVIOUS 
NEXT Ubuntu Security Notice USN-6434-1
Topics Covered
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!