Monthly Archives: November 2023
DSA-5547 pmix – security update
Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.
Friday Squid Blogging: Eating Dancing Squid
It’s not actually alive, but it twitches in response to soy sauce.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
CVE-2022-44569
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
CVE-2022-43555
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2022-43554
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
CVE-2022-3172
A security issue was discovered in kube-apiserver that allows an
aggregated API server to redirect client traffic to any URL. This could
lead to the client performing unexpected actions as well as forwarding
the client’s API server credentials to third parties.
A Vulnerability in Atlassian Confluence Server and Data Center Could Allow for Data Destruction
A vulnerability has been discovered in Atlassian Confluence Server and Data Center which could allow for data destruction. Confluence is a collaboration tool that brings people, knowledge, and ideas together in a shared workspace. Successful exploitation of this vulnerability could allow an attacker to destroy instance data.
python-pillow-9.5.0-1.fc38
FEDORA-2023-1a120657f9
Packages in this update:
python-pillow-9.5.0-1.fc38
Update description:
Update to 9.5.0, backport fix for CVE-2023-44271.
Healthcare Data Breaches Impact 88 Million Americans
The Department of Health and Human Services said there has been a 239% increase in large breaches