RedHat has issued an advisory on April 30: https://lwn.net/Articles/971704/ The problem is fixed in version 4.2.6 or with https://github.com/openpmix/openpmix/commit/da036933c2795c1f40d0835e15f17e204e4daf0f.
Source RPM: (none) => openpmix-4.2.3-1.mga9.src.rpmStatus comment: (none) => Fixed upstream in 4.2.6 and patch available from upstreamCVE: (none) => CVE-2023-41915
Cauldron is more than up-to-date, so this is just for M9. Assigning to ChrisD who maintains this pkg.
Assignee: bugsquad => eatdirt
thank you, I'll dig into that!
Here we go, openpmix-4.2.3-1.1.mga9 landing in core/updates_testing. This is a system library, not too much tests to do, but at least, checking that "pmix_info" returns something. ---------------- Update advisory. This update fixes a race condition allowing attackers to obtain ownership of arbitrary files (CVE-2023-41915). Updated packages in core/updates_testing: ======================== lib(64)openpmix2-4.2.3-1.1.mga9 lib(64)openpmix-devel-4.2.3-1.1.mga9 openpmix-4.2.3-1.1.mga9 Source RPMs: openpmix-4.2.3-1.1.mga9.src.rpm
Assignee: eatdirt => qa-bugsCC: (none) => eatdirt
Keywords: (none) => advisory
RH mageia 9 x86_64 LC_ALL=C urpmi /home/katnatek/qa-testing/x86_64/*.rpm To satisfy dependencies, the following packages are going to be installed: Package Version Release Arch (medium "Core Release (distrib1)") lib64event-devel 2.1.12 4.mga9 x86_64 lib64hwloc-devel 2.9.1 2.mga9 x86_64 lib64hwloc15 2.9.1 2.mga9 x86_64 lib64opencl-devel 2.3.1 2.mga9 x86_64 lib64pciaccess-devel 0.17 1.mga9 x86_64 opencl-headers 3.0 0.20230206.1> noarch (medium "Core Updates (distrib3)") lib64xml2-devel 2.10.4 1.2.mga9 x86_64 (command line) lib64openpmix-devel 4.2.3 1.1.mga9 x86_64 lib64openpmix2 4.2.3 1.1.mga9 x86_64 openpmix 4.2.3 1.1.mga9 x86_64 13MB of additional disk space will be used. 4.8MB of packages will be retrieved. Proceed with the installation of the 10 packages? (Y/n) y https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64event-devel-2.1.12-4.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64opencl-devel-2.3.1-2.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64hwloc15-2.9.1-2.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/opencl-headers-3.0-0.20230206.1.mga9.noarch.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64pciaccess-devel-0.17-1.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/release/lib64hwloc-devel-2.9.1-2.mga9.x86_64.rpm https://mirror.math.princeton.edu/pub/mageia/distrib/9/x86_64/media/core/updates/lib64xml2-devel-2.10.4-1.2.mga9.x86_64.rpm installing /var/cache/urpmi/rpms/lib64pciaccess-devel-0.17-1.mga9.x86_64.rpm /var/cache/urpmi/rpms/opencl-headers-3.0-0.20230206.1.mga9.noarch.rpm /var/cache/urpmi/rpms/lib64hwloc-devel-2.9.1-2.mga9.x86_64.rpm /var/cache/urpmi/rpms/lib64xml2-devel-2.10.4-1.2.mga9.x86_64.rpm /home/katnatek/qa-testing/x86_64/lib64openpmix-devel-4.2.3-1.1.mga9.x86_64.rpm /var/cache/urpmi/rpms/lib64event-devel-2.1.12-4.mga9.x86_64.rpm /home/katnatek/qa-testing/x86_64/lib64openpmix2-4.2.3-1.1.mga9.x86_64.rpm /home/katnatek/qa-testing/x86_64/openpmix-4.2.3-1.1.mga9.x86_64.rpm /var/cache/urpmi/rpms/lib64hwloc15-2.9.1-2.mga9.x86_64.rpm /var/cache/urpmi/rpms/lib64opencl-devel-2.3.1-2.mga9.x86_64.rpm Preparing... ################################################################################################## 1/10: lib64hwloc15 ################################################################################################## 2/10: lib64openpmix2 ################################################################################################## 3/10: lib64opencl-devel ################################################################################################## 4/10: opencl-headers ################################################################################################## 5/10: lib64event-devel ################################################################################################## 6/10: lib64xml2-devel ################################################################################################## 7/10: lib64pciaccess-devel ################################################################################################# 8/10: lib64hwloc-devel ################################################################################################## 9/10: lib64openpmix-devel ################################################################################################## 10/10: openpmix ################################################################################################## pmix_info Package: PMIx iurt@ecosse.mageia.org Distribution PMIX: 4.2.3 PMIX repo revision: gitc5661387 PMIX release date: Feb 07, 2023 PMIX Standard: 4.2 PMIX Standard ABI: Stable (0.0), Provisional (0.0) Prefix: /usr Configured architecture: pmix.arch Configure host: ecosse.mageia.org Configured by: iurt Configured on: Tue Apr 30 19:38:38 UTC 2024 Configure host: ecosse.mageia.org Configure command line: '--host=x86_64-mageia-linux-gnu' '--build=x86_64-mageia-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-devel-headers' Built by: iurt Built on: Tue Apr 30 19:39:36 UTC 2024 Built host: ecosse.mageia.org C compiler: gcc C compiler absolute: /usr/bin/gcc C compiler family name: GNU C compiler version: "12" "." "3" "." "0" Internal debug support: no dl support: yes Symbol vis. support: yes Manpages built: yes MCA bfrops: v12 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA bfrops: v20 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA bfrops: v21 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA bfrops: v3 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA bfrops: v4 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA bfrops: v41 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA gds: hash (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA gds: ds12 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA gds: ds21 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pcompress: zlib (MCA v2.1.0, API v2.0.0, Component v4.2.3) MCA pdl: pdlopen (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pfexec: linux (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pif: linux_ipv6 (MCA v2.1.0, API v2.0.0, Component v4.2.3) MCA pif: posix_ipv4 (MCA v2.1.0, API v2.0.0, Component v4.2.3) MCA pinstalldirs: env (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pinstalldirs: config (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA plog: default (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA plog: stdfd (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA plog: syslog (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pmdl: ompi (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pmdl: oshmem (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pnet: opa (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA preg: compress (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA preg: native (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA preg: raw (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA prm: slurm (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA prm: default (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA psec: native (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA psec: none (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA psensor: file (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA psensor: heartbeat (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pshmem: mmap (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA psquash: flex128 (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA psquash: native (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA pstat: linux (MCA v2.1.0, API v1.0.0, Component v4.2.3) MCA ptl: client (MCA v2.1.0, API v2.0.0, Component v4.2.3) MCA ptl: server (MCA v2.1.0, API v2.0.0, Component v4.2.3) MCA ptl: tool (MCA v2.1.0, API v2.0.0, Component v4.2.3) LC_ALL=C urpme $(rpm -qa|grep openpmix) removing lib64openpmix-devel-4.2.3-1.1.mga9.x86_64 lib64openpmix2-4.2.3-1.1.mga9.x86_64 openpmix-4.2.3-1.1.mga9.x86_64 removing package lib64openpmix-devel-4.2.3-1.1.mga9.x86_64 1/3: removing lib64openpmix-devel-4.2.3-1.1.mga9.x86_64 ################################################################################################## removing package openpmix-4.2.3-1.1.mga9.x86_64 2/3: removing openpmix-4.2.3-1.1.mga9.x86_64 ################################################################################################## removing package lib64openpmix2-4.2.3-1.1.mga9.x86_64 3/3: removing lib64openpmix2-4.2.3-1.1.mga9.x86_64 ################################################################################################## writing /var/lib/rpm/installed-through-deps.list The following packages: lib64event-devel-2.1.12-4.mga9.x86_64 lib64hwloc-devel-2.9.1-2.mga9.x86_64 lib64hwloc15-2.9.1-2.mga9.x86_64 lib64opencl-devel-2.3.1-2.mga9.x86_64 lib64pciaccess-devel-0.17-1.mga9.x86_64 lib64xml2-devel-2.10.4-1.2.mga9.x86_64 opencl-headers-3.0-0.20230206.1.mga9.noarch are now orphaned, if you wish to remove them, you can use "urpme --auto-orphans" LC_ALL=C urpme --auto-orphans --auto removing lib64event-devel-2.1.12-4.mga9.x86_64 lib64hwloc-devel-2.9.1-2.mga9.x86_64 lib64hwloc15-2.9.1-2.mga9.x86_64 lib64opencl-devel-2.3.1-2.mga9.x86_64 lib64pciaccess-devel-0.17-1.mga9.x86_64 lib64xml2-devel-2.10.4-1.2.mga9.x86_64 opencl-headers-3.0-0.20230206.1.mga9.noarch removing package lib64hwloc-devel-2.9.1-2.mga9.x86_64 1/7: removing lib64hwloc-devel-2.9.1-2.mga9.x86_64 ################################################################################################## removing package lib64opencl-devel-2.3.1-2.mga9.x86_64 2/7: removing lib64opencl-devel-2.3.1-2.mga9.x86_64 ################################################################################################## removing package opencl-headers-3.0-0.20230206.1.mga9.noarch 3/7: removing opencl-headers-3.0-0.20230206.1.mga9.noarch ################################################################################################## removing package lib64pciaccess-devel-0.17-1.mga9.x86_64 4/7: removing lib64pciaccess-devel-0.17-1.mga9.x86_64 ################################################################################################## removing package lib64xml2-devel-2.10.4-1.2.mga9.x86_64 5/7: removing lib64xml2-devel-2.10.4-1.2.mga9.x86_64 ################################################################################################## removing package lib64event-devel-2.1.12-4.mga9.x86_64 6/7: removing lib64event-devel-2.1.12-4.mga9.x86_64 ################################################################################################## removing package lib64hwloc15-2.9.1-2.mga9.x86_64 7/7: removing lib64hwloc15-2.9.1-2.mga9.x86_64 ##################################################################################################
CC: (none) => andrewsfarm
Clean Install/unistall Test the suggested command
Whiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0162.html
Status: NEW => RESOLVEDResolution: (none) => FIXED