SUSE-SU-2022:3710-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3710-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:3710-1
- Related
- Published
- 2022-10-24T14:23:32Z
- Modified
- 2022-10-24T14:23:32Z
- Summary
- Security update for multipath-tools
- Details
-
This update for multipath-tools fixes the following issues:
- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
multipathd: add 'forcereconfigure' option (bsc#1189551) The command 'multipathd -kreconfigure' changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting 'forcereconfigure yes' in multipath.conf (not recommended). Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and beyond, which provide the command 'multipathd -k'reconfigure all''
multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20223710-1/
- https://bugzilla.suse.com/1189551
- https://bugzilla.suse.com/1191900
- https://bugzilla.suse.com/1195506
- https://bugzilla.suse.com/1197570
- https://bugzilla.suse.com/1202616
- https://bugzilla.suse.com/1202739
- https://www.suse.com/security/cve/CVE-2022-41973
- https://www.suse.com/security/cve/CVE-2022-41974
Affected packages
SUSE:Linux Enterprise Module for Basesystem 15 SP3 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.8.5+126+suse.8ce8da5-150300.2.14.1
Ecosystem specific
{
"binaries": [
{
"libdmmp0_2_0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"multipath-tools-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"libdmmp-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
}
]
}
SUSE:Linux Enterprise Micro 5.1 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
SUSE:Linux Enterprise Micro 5.2 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
openSUSE:Leap Micro 5.2 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=openSUSE%20Leap%20Micro%205.2
openSUSE:Leap 15.3 / multipath-tools
Package
- Name
- multipath-tools
- Purl
- purl:rpm/suse/multipath-tools&distro=openSUSE%20Leap%2015.3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.8.5+126+suse.8ce8da5-150300.2.14.1
Ecosystem specific
{
"binaries": [
{
"libdmmp0_2_0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"multipath-tools-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"libdmmp-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
"kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
}
]
}