Lucene search
SuseSUSE-SU-2022:3711-1HistoryOct 24, 2022 - 12:00 a.m.
Security update for multipath-tools (important)
2022-10-2400:00:00
lists.opensuse.org
9
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
An update that solves two vulnerabilities and has 6 fixes
is now available.
Description:
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd.
(bsc#1202739) - Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware
(bsc#1201483) - multipath-tools: fix โmultipath -llโ for Native NVME Multipath devices
(bsc#1201483) - multipathd: donโt switch to DAEMON_IDLE during startup (bsc#1199346,
bsc#1197570) - multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Donโt keep starting TUR threads, if they always hang.
(bsc#1199345) - Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for โprotocolโ subsection in โoverridesโ
section to set certain config options by protocol. - Removed the previously deprecated options getuid_callout, config_dir,
multipath_dir, pg_timeout - Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or โzypper patchโ.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3711=1
-
SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3711=1
-
SUSE Linux Enterprise Micro 5.3:
zypper in -t patch SUSE-SLE-Micro-5.3-2022-3711=1
Related
nessus
nessus
Rocky Linux 8 : device-mapper-multipath (RLSA-2022:7192)
2022-11-17 00:00:00
Oracle Linux 9 : device-mapper-multipath (ELSA-2023-2459)
2023-05-15 00:00:00
EulerOS Virtualization 2.11.1 : multipath-tools (EulerOS-SA-2023-2046)
2023-06-07 00:00:00
cve
cve
gentoo
gentoo
multipath-tools: Multiple Vulnerabilities
2023-11-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1677)
2023-04-27 00:00:00
Debian: Security Advisory (DLA-3250-1)
2022-12-30 00:00:00
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1042)
2023-01-09 00:00:00
osv
osv
CVE-2022-41973
2022-10-29 18:15:12
multipath-tools vulnerabilities
2022-11-17 13:14:45
CVE-2022-41974
2022-10-29 19:15:10
suse
suse
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
prion
prion
Privilege escalation
2022-10-29 19:15:00
Privilege escalation
2022-10-29 18:15:00
Privilege escalation
2023-03-29 21:15:00
redhatcve
redhatcve
debian
debian
[SECURITY] [DSA 5366-1] multipath-tools security update
2023-03-01 11:29:12
[SECURITY] [DLA 3250-1] multipath-tools security update
2022-12-29 10:45:35
mageia
mageia
Updated multipath-tools packages fix security vulnerabilities
2024-03-18 19:12:23
alpinelinux
alpinelinux
CVE-2022-41974
2022-10-29 19:15:00
CVE-2022-41973
2022-10-29 18:15:00
fedora
fedora
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36
2022-11-10 16:19:06
debiancve
debiancve
CVE-2022-41973
2022-10-29 18:15:00
CVE-2022-41974
2022-10-29 19:15:00
ubuntucve
ubuntucve
CVE-2022-41973
2022-10-24 00:00:00
CVE-2022-41974
2022-10-24 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0476
2022-10-24 00:00:00
f5
f5
K000133058 : device-mapper-multipath vulnerability CVE-2022-41973
2023-03-18 00:00:00
K000133615 : device-mapper-multipath vulnerability CVE-2022-41974
2023-04-28 00:00:00
packetstorm
packetstorm
Leeloo Multipath Authorization Bypass / Symlink Attack
2022-10-31 00:00:00
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
ubuntu
ubuntu
multipath-tools vulnerabilities
2022-11-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2218
2023-08-22 08:47:43
qualysblog
qualysblog
Leeloo Multipath: Authorization bypass and symlink attack in multipathdย (CVE-2022-41974 and CVE-2022-41973)
2022-10-26 01:57:00
Snapd Race Condition Vulnerability in snap-confineโs must_mkdir_and_open_with_perms() (CVE-2022-3328)
2022-11-30 23:29:05
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
hivepro
hivepro
Linux flaws could be chained together to achieve root access
2022-12-09 05:58:41
cloudfoundry
cloudfoundry
USN-5731-1: multipath-tools vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
amazon
amazon
Important: device-mapper-multipath
2022-12-01 20:31:00
thn
thn
centos
centos
device, kpartx, libdmmp security update
2022-11-30 23:01:43
oraclelinux
oraclelinux
device-mapper-multipath security and bug fix update
2023-05-15 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
redhat
redhat
(RHSA-2024:1110) Moderate: device-mapper-multipath security update
2024-03-05 10:45:01
almalinux
almalinux
Moderate: device-mapper-multipath security and bug fix update
2023-05-16 00:00:00
Moderate: device-mapper-multipath security and bug fix update
2023-05-09 00:00:00
Important: device-mapper-multipath security update
2022-10-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-1
2024-04-28 03:18:17
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-3
2023-01-17 16:46:46
CVE-2022-41974 affecting package device-mapper-multipath 0.8.6-1
2024-04-28 03:18:17
veracode
veracode
Privilege Escalation
2022-11-19 14:27:14
Authorization Bypass
2022-11-10 00:22:58
Privilege Escalation
2023-01-18 00:45:31
rocky
rocky
device-mapper-multipath security update
2022-10-25 14:41:37
device-mapper-multipath security update
2022-10-25 14:24:42
device-mapper-multipath security update
2022-11-15 15:35:59
redos
redos
ROS-20230217-01
2023-02-17 00:00:00
zdt
zdt
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Related for SUSE-SU-2022:3711-1