SUSE-SU-2023:3859-1

Опубликовано: 28 сент. 2023

Источник: suse-cvrf

Описание

Security update for pmix

This update for pmix fixes the following issues:

CVE-2023-41915: Fixed a potential vulnerability where a chown may follow a user-created link (bsc#1215190).
Install pmix-plugin-munge if munge is installed.

Список пакетов

Image SLES15-SP5-HPC-Azure

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP5-HPC-BYOS-Azure

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP5-HPC-BYOS-EC2

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP5-HPC-BYOS-GCE

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-Azure

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-BYOS

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-BYOS-Azure

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-BYOS-EC2

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-BYOS-GCE

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-EC2

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP6-HPC-GCE

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

SUSE Linux Enterprise Module for HPC 15 SP4

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-3.2.3-150300.3.8.1

pmix-devel-3.2.3-150300.3.8.1

pmix-headers-3.2.3-150300.3.8.1

pmix-mca-params-3.2.3-150300.3.8.1

pmix-plugin-munge-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

pmix-test-3.2.3-150300.3.8.1

SUSE Linux Enterprise Module for HPC 15 SP5

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-3.2.3-150300.3.8.1

pmix-devel-3.2.3-150300.3.8.1

pmix-headers-3.2.3-150300.3.8.1

pmix-mca-params-3.2.3-150300.3.8.1

pmix-plugin-munge-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

pmix-test-3.2.3-150300.3.8.1

openSUSE Leap 15.4

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-3.2.3-150300.3.8.1

pmix-devel-3.2.3-150300.3.8.1

pmix-headers-3.2.3-150300.3.8.1

pmix-mca-params-3.2.3-150300.3.8.1

pmix-plugin-munge-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

pmix-test-3.2.3-150300.3.8.1

openSUSE Leap 15.5

libmca_common_dstore1-3.2.3-150300.3.8.1

libpmix2-3.2.3-150300.3.8.1

pmix-3.2.3-150300.3.8.1

pmix-devel-3.2.3-150300.3.8.1

pmix-headers-3.2.3-150300.3.8.1

pmix-mca-params-3.2.3-150300.3.8.1

pmix-plugin-munge-3.2.3-150300.3.8.1

pmix-plugins-3.2.3-150300.3.8.1

pmix-test-3.2.3-150300.3.8.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20233859-1/
Link for SUSE-SU-2023:3859-1
https://lists.suse.com/pipermail/sle-updates/2023-September/031798.html
E-Mail link for SUSE-SU-2023:3859-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215190
SUSE Bug 1215190
https://www.suse.com/security/cve/CVE-2023-41915/
SUSE CVE CVE-2023-41915 page

Описание

OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.

Затронутые продукты

Image SLES15-SP5-HPC-Azure:libmca_common_dstore1-3.2.3-150300.3.8.1

Image SLES15-SP5-HPC-Azure:libpmix2-3.2.3-150300.3.8.1

Image SLES15-SP5-HPC-Azure:pmix-plugins-3.2.3-150300.3.8.1

Image SLES15-SP5-HPC-BYOS-Azure:libmca_common_dstore1-3.2.3-150300.3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-41915.html
CVE-2023-41915
https://bugzilla.suse.com/1215190
SUSE Bug 1215190

SUSE-SU-2023:3859-1

Описание

Список пакетов

Image SLES15-SP5-HPC-Azure

Image SLES15-SP5-HPC-BYOS-Azure

Image SLES15-SP5-HPC-BYOS-EC2

Image SLES15-SP5-HPC-BYOS-GCE

Image SLES15-SP6-HPC

Image SLES15-SP6-HPC-Azure

Image SLES15-SP6-HPC-BYOS

Image SLES15-SP6-HPC-BYOS-Azure

Image SLES15-SP6-HPC-BYOS-EC2

Image SLES15-SP6-HPC-BYOS-GCE

Image SLES15-SP6-HPC-EC2

Image SLES15-SP6-HPC-GCE

SUSE Linux Enterprise Module for HPC 15 SP4

SUSE Linux Enterprise Module for HPC 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-41915

Описание

Затронутые продукты

Ссылки