Francois Diakhate reported that a race condition in pmix, a library
implementing Process Management Interface (PMI) Exascale API, could
allow a malicious user to obtain ownership of an arbitrary file on the
filesystem when parts of the PMIx library are called by a process with
elevated privileges, resulting in privilege escalation. This may
happen under the default configuration of certain workload managers,
including Slurm.
More Stories
USN-7202-1: HPLIP vulnerability
Kevin Backhouse discovered that HPLIP incorrectly handled certain MDNS responses. A remote attacker could use this issue to cause HPLIP...
USN-7201-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a...
USN-7200-1: Roundcube vulnerability
It was discovered that Roundcube incorrectly handled certain file-based attachment plugins. An attacker could exploit this to gain unauthorized access...
USN-6940-2: snapd vulnerabilities
USN-6940-1 fixed vulnerabilities in snapd. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Original...
USN-7199-1: xmltok library vulnerabilities
It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application...
ZDI-25-027: (Pwn2Own) Google Chrome VideoFrame Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Google Chrome. User interaction is required to...