MiracleLinux 7 : device-mapper-multipath-0.4.9-136.el7 (AXSA:2022-3922:04)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3922:04 advisory. device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 Tenable has extract...

device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, in conjunction with CVE-2022-41974. Local users that are able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which may lead to...

Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability

Qualys discovered a race condition CVE-2022-3328 in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability which was introduced in February 2022 by the patch for CVE-2021-44731 and detail how they exploited it in Ubuntu Server ...

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported...

CentOS: Security Advisory for device-mapper-multipath (CESA-2022:7186)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36

device-mapper-multipath provides tools to manage multipath devices by instructing the device-mapper multipath kernel module what to do. The tools are : multipath - Scan the system for multipath devices and assemble them. multipathd - Detects when paths fail and execs multipath to update things...

OESA-2022-2042 multipath-tools security update

This package provides the multipath tool and the multipathd daemon to manage dm-multipath devices. multipath can detect and set up multipath maps. multipathd sets up multipath maps automatically,monitors path devices for failure, removal, or addition, and applies the necessary changes to the...

Scientific Linux Security Update : device-mapper-multipath on SL7.x i686/x86_64 (2022:7186)

The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2022:7186-1 advisory. - device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket CVE-2022-41974 Note that Ness...

Leeloo Multipath Authorization Bypass / Symlink Attack

Qualys Security Advisory Leeloo Multipath: Authorization bypass and symlink attack in multipathd CVE-2022-41974 and CVE-2022-41973 ======================================================================== Contents ======================================================================== Summary...

CVE-2022-41973

multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside o...

RHEL 8 : device-mapper-multipath (RHSA-2022:7191)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2022:7191 advisory. The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Security Fixes:...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)

The Qualys Research Team has discovered two vulnerabilities in multipathd, the most important of which can be exploited for authorization bypass. Qualys recommends security teams apply patches for these vulnerabilities as soon as possible. The Qualys Research Team combined these two vulnerabiliti...

Oracle Linux 8 : device-mapper-multipath (ELSA-2022-7192)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7192 advisory. 0.8.4-22.2 - Add 0092-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133994 Tenable has extracted the preceding description block...

Oracle Linux 7 : device-mapper-multipath (ELSA-2022-7186)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7186 advisory. 0.4.9-136.0.1 - mpathpersist: Fix Register and Ignore with 0x00 SARK Orabug: 32696195 - mpathpersist: update prkeys file on changing registrations Orabug:...

device-mapper-multipath security update

0.8.4-22.2 - Add 0092-multipathd-ignore-duplicated-multipathd-command-keys.patch - Resolves: bz 2133994...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

Important: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...