cherry-pick from upstream master patches for known vulnerabilities:
CVE-2023-4322 – heap-buffer-overflow in the brainfuck disassembler
CVE-2023-5686 – heap-buffer-overflow in /radare2/shlr/java/code.c
Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.