SUSE-SU-2022:3711-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3711-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:3711-1
- Related
- Published
- 2022-10-24T14:23:58Z
- Modified
- 2022-10-24T14:23:58Z
- Summary
- Security update for multipath-tools
- Details
-
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix findmultipathstimeout for unknown hardware (bsc#1201483)
- multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for 'protocol' subsection in 'overrides' section to set certain config options by protocol.
- Removed the previously deprecated options getuidcallout, configdir, multipathdir, pgtimeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use removemapcallback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported devlosstmo
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20223711-1/
- https://bugzilla.suse.com/1197570
- https://bugzilla.suse.com/1199342
- https://bugzilla.suse.com/1199345
- https://bugzilla.suse.com/1199346
- https://bugzilla.suse.com/1199347
- https://bugzilla.suse.com/1201483
- https://bugzilla.suse.com/1202616
- https://bugzilla.suse.com/1202739
- https://www.suse.com/security/cve/CVE-2022-41973
- https://www.suse.com/security/cve/CVE-2022-41974
Affected packages
SUSE:Linux Enterprise Micro 5.3 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
SUSE:Linux Enterprise Module for Basesystem 15 SP4 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.0+62+suse.3e048d4-150400.4.7.1
Ecosystem specific
{
"binaries": [
{
"libdmmp0_2_0": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"libmpath0": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"multipath-tools-devel": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"libdmmp-devel": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"multipath-tools": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"kpartx": "0.9.0+62+suse.3e048d4-150400.4.7.1"
}
]
}
openSUSE:Leap 15.4 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=openSUSE%20Leap%2015.4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.0+62+suse.3e048d4-150400.4.7.1
Ecosystem specific
{
"binaries": [
{
"libdmmp0_2_0": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"libmpath0": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"multipath-tools-devel": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"libdmmp-devel": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"multipath-tools": "0.9.0+62+suse.3e048d4-150400.4.7.1",
"kpartx": "0.9.0+62+suse.3e048d4-150400.4.7.1"
}
]
}