OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. https://docs.openpmix.org/en/latest/security.html https://github.com/openpmix/openpmix/releases/tag/v5.0.1 https://github.com/openpmix/openpmix/releases/tag/v4.2.6
Created pmix tracking bugs for this issue: Affects: epel-7 [bug 2239125] Affects: fedora-all [bug 2239124]
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2199 https://access.redhat.com/errata/RHSA-2024:2199
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3008 https://access.redhat.com/errata/RHSA-2024:3008