SUSE-SU-2022:3709-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223709-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3709-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3709-1
Related
Published
2022-10-24T14:23:06Z
Modified
2022-10-24T14:23:06Z
Summary
Security update for multipath-tools
Details

This update for multipath-tools fixes the following issues:

  • CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
  • CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
  • Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
  • multipathd: add 'forcereconfigure' option (bsc#1189551) The command 'multipathd -kreconfigure' changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting 'forcereconfigure yes' in multipath.conf (not recommended). Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and beyond, which provide the command 'multipathd -k'reconfigure all''
  • multipathd: avoid stalled clients during reconfigure (bsc#1189551)
  • multipathd: handle client disconnect correctly (bsc#1189551)
References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP2-ESPOS / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-BCL / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCL

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Linux Enterprise Server 15 SP2-LTSS / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Manager Proxy 4.1 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Manager%20Proxy%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Manager Retail Branch Server 4.1 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Manager Server 4.1 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Manager%20Server%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}

SUSE:Enterprise Storage 7 / multipath-tools

Package

Name
multipath-tools
Purl
pkg:rpm/suse/multipath-tools&distro=SUSE%20Enterprise%20Storage%207

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.2+182.6d41865-150200.4.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "libdmmp-devel": "0.8.2+182.6d41865-150200.4.14.1",
            "multipath-tools": "0.8.2+182.6d41865-150200.4.14.1",
            "kpartx": "0.8.2+182.6d41865-150200.4.14.1"
        }
    ]
}