RHSA-2022:8453: Red Hat Security Advisory: device-mapper-multipath security update
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
Synopsis
Important: device-mapper-multipath security update
Type/Severity
Security Advisory: Important
Topic
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
- device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux (CVE-2022-3787)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
Fixes
- BZ - 2138959 - CVE-2022-3787 device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
Red Hat Enterprise Linux for x86_64 9
SRPM
device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm
SHA-256: 5f0805ff6c67038cb633e78f4681679be9a11563881465aae852fa0940d7c736
x86_64
device-mapper-multipath-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 9f479ac1e6f106be3eaa7be881dd52d49b022b51e3964a77a10af387d4b3695e
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: e031636cd17658b53234a53eb9d4358bb84c8a7c04b424af9fdad17cb7e2c9f8
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 17130f23abe4c8bd70b33b7f0be2fada52a43a05987c09d07695ee63f4edaa65
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.i686.rpm
SHA-256: e2861cb7e958cc347808b69f0bc1345e9a347e9eb65d9563a6428589e30dd43d
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: ebd9cc3eba968ee338f030308942ad29419eca59b5a873ce00899fb8a6837113
device-mapper-multipath-libs-0.8.7-12.el9_1.1.i686.rpm
SHA-256: b6ad50ee53c37eec9eaa3346bb0aee97ffa51163ec6c39aab7ca0299571acbde
device-mapper-multipath-libs-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 5ec14e02f81f55426639a2c891f5343b697637a8b374a9dbeb56076fe458a1e0
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: b18d0a3405ee509a22b833fe1c719765c9e7442849778b119a043cdcf17d9dca
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 4fd92715c0f9919f69234704984fff1e7969f6219d453f816c0dfa3f9d19b1f7
kpartx-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 5bdff498e0faf97af75f254e9cba50db5fe5270c413ef117253f2a14e6bb2102
kpartx-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: d214c25709cc3b4fbd86c0c6a80c1319664421b119aa5ce7c4d50352bd5c1477
kpartx-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: d65ae50cbaf588800d619a59049f2a72808c403cdf446c781747bf161408a598
libdmmp-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: 38ede152b82f94d09257fe75fe6492a42f2621124855d32b726537fab9fe9e93
libdmmp-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 868f9fa4440e01c130e5fe02365e437f9bcbae8926db0733140f67be7a798036
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm
SHA-256: 5f0805ff6c67038cb633e78f4681679be9a11563881465aae852fa0940d7c736
s390x
device-mapper-multipath-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: e7e03ebaa5b7c439818f8d946a674920b9bb45ebe9c853c35d9c5ad1db5c5cd5
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 39312da5b0478b1f38108648c33527cf94b5c040f1d1aef7138aa13b1a0332b6
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 371fd650692cb0e493a644f7fb10267db4d39a49afe011c92e65672c98c53cdd
device-mapper-multipath-libs-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: cf18097930bb66450d586e12fe222288080e5f4c7c83e794ea841708276b6772
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: df5c1e083ee7977147fc5af45b5d968a23538e5a64be3f166865113c721605fc
kpartx-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 6bef4428771966a9e9ade5932601dd80d1cac513e79ea20f71b67c1d853e2879
kpartx-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 25944ed6e2b8ee0f69b5baacb551198eb5a07e06b1b7ca2f36eca6987cd37fdb
libdmmp-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 55f61bcc99fc707bad320bab8896090f30b3eea9448beffc7cebe9a687f8612a
Red Hat Enterprise Linux for Power, little endian 9
SRPM
device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm
SHA-256: 5f0805ff6c67038cb633e78f4681679be9a11563881465aae852fa0940d7c736
ppc64le
device-mapper-multipath-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 839193d6b8402088b3d37a1ead867057f44fbbe4413b5a1e9ad8692e2b56ae49
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: c478f62b7c20881ea2efb67eed3eed2798869c5d155316d991085ae530bf449d
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: b58e4ab890fffebfcc3aab7e6bc09b7daa4aa0b9e1c714b60d5e0c6821be6326
device-mapper-multipath-libs-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 39d731995acdba29c2d530af41604dfc566e1bf927594b55f0ca7e4787eb5e49
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 788981925db7ea26b20702a70b5a849a9719f7a83f8bbc40df4854ddf0872e5a
kpartx-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 6a29b20afa62112db6bc3ead3dd87e38ae37f9b32c4ec864fe8b05dcd1df9233
kpartx-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 0e199df92b80fd28c1112173693205f8080aee927208c8c9356a3d3dd2141c3c
libdmmp-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 9e5afdc7245384bccec2de4d8e4772e40ed4735187b1c0d43be2e9a813f794a3
Red Hat Enterprise Linux for ARM 64 9
SRPM
device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm
SHA-256: 5f0805ff6c67038cb633e78f4681679be9a11563881465aae852fa0940d7c736
aarch64
device-mapper-multipath-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: b4e8fc35d051c75ffa1bac953174284cf961ce4ac314dca60ae4e1b8462a2914
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 5adde3a68844b5912cf0d562eb2693bf7bff0551ed6d7a0fc6395dd9be06b9cb
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 4f6a7647dfc85f67887311d7550119bfb5d2e04eaa19307db84240cc80cffac5
device-mapper-multipath-libs-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: dde165e17264a67de8533764faa2991c4416e720d50fbd53d4e5bf04cc371fab
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 363fb9819ca815fa9000c8b17fccdaba5d172e26da2c04dc0fce651c30602cb4
kpartx-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 12533b25404fe4ccd9a2d85f54279b37a6bdbbedd5bded787d61c15bf5b308a4
kpartx-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 59aee1dc8b9b2440b90246ee5291f078248867550a8217f732bc0e25e4f716de
libdmmp-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 3d82ad78da2ac8553eb7a2321081b5d273a085a3237429f2aa0ef6c3d630ea5e
Red Hat CodeReady Linux Builder for x86_64 9
SRPM
x86_64
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: e031636cd17658b53234a53eb9d4358bb84c8a7c04b424af9fdad17cb7e2c9f8
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 17130f23abe4c8bd70b33b7f0be2fada52a43a05987c09d07695ee63f4edaa65
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.i686.rpm
SHA-256: e2861cb7e958cc347808b69f0bc1345e9a347e9eb65d9563a6428589e30dd43d
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: ebd9cc3eba968ee338f030308942ad29419eca59b5a873ce00899fb8a6837113
device-mapper-multipath-devel-0.8.7-12.el9_1.1.i686.rpm
SHA-256: c439052fc7299198f3a07d2724d909d479a23db3c2166bc457c47baec5da6d13
device-mapper-multipath-devel-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: ed81edc3343f3d73d583e9b631936c2b00cfd7dce666802f069fd13ee08572b4
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: b18d0a3405ee509a22b833fe1c719765c9e7442849778b119a043cdcf17d9dca
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 4fd92715c0f9919f69234704984fff1e7969f6219d453f816c0dfa3f9d19b1f7
kpartx-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: d214c25709cc3b4fbd86c0c6a80c1319664421b119aa5ce7c4d50352bd5c1477
kpartx-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: d65ae50cbaf588800d619a59049f2a72808c403cdf446c781747bf161408a598
libdmmp-debuginfo-0.8.7-12.el9_1.1.i686.rpm
SHA-256: 38ede152b82f94d09257fe75fe6492a42f2621124855d32b726537fab9fe9e93
libdmmp-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
SHA-256: 868f9fa4440e01c130e5fe02365e437f9bcbae8926db0733140f67be7a798036
Red Hat CodeReady Linux Builder for Power, little endian 9
SRPM
ppc64le
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: c478f62b7c20881ea2efb67eed3eed2798869c5d155316d991085ae530bf449d
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: b58e4ab890fffebfcc3aab7e6bc09b7daa4aa0b9e1c714b60d5e0c6821be6326
device-mapper-multipath-devel-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 39de4444cd6500aabf89350d885de32e8dd1fb3487332ca107962085b7f92306
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 788981925db7ea26b20702a70b5a849a9719f7a83f8bbc40df4854ddf0872e5a
kpartx-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 0e199df92b80fd28c1112173693205f8080aee927208c8c9356a3d3dd2141c3c
libdmmp-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
SHA-256: 9e5afdc7245384bccec2de4d8e4772e40ed4735187b1c0d43be2e9a813f794a3
Red Hat CodeReady Linux Builder for ARM 64 9
SRPM
aarch64
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 5adde3a68844b5912cf0d562eb2693bf7bff0551ed6d7a0fc6395dd9be06b9cb
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 4f6a7647dfc85f67887311d7550119bfb5d2e04eaa19307db84240cc80cffac5
device-mapper-multipath-devel-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 69cc2e29c1fbfddd9d7c7e33b931a147af0b46c53d0d1a620b4d7d8fd9d3a982
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 363fb9819ca815fa9000c8b17fccdaba5d172e26da2c04dc0fce651c30602cb4
kpartx-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 59aee1dc8b9b2440b90246ee5291f078248867550a8217f732bc0e25e4f716de
libdmmp-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
SHA-256: 3d82ad78da2ac8553eb7a2321081b5d273a085a3237429f2aa0ef6c3d630ea5e
Red Hat CodeReady Linux Builder for IBM z Systems 9
SRPM
s390x
device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 39312da5b0478b1f38108648c33527cf94b5c040f1d1aef7138aa13b1a0332b6
device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 371fd650692cb0e493a644f7fb10267db4d39a49afe011c92e65672c98c53cdd
device-mapper-multipath-devel-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 304cde7e407211183d92c11cf69c3ef8e7ed6aefbe15a140371a188905e21363
device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: df5c1e083ee7977147fc5af45b5d968a23538e5a64be3f166865113c721605fc
kpartx-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 25944ed6e2b8ee0f69b5baacb551198eb5a07e06b1b7ca2f36eca6987cd37fdb
libdmmp-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
SHA-256: 55f61bcc99fc707bad320bab8896090f30b3eea9448beffc7cebe9a687f8612a
Related news
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
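A simplified model of the ADD-versus-OR mistake described above, added here as an illustration; it is not multipathd's code. The keyword codes, handler table and function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed keyword codes, one distinct bit each (not multipathd's real values). */
enum { KW_SHOW = 1 << 0, KW_CHANGE = 1 << 1, KW_ITEM = 1 << 2 };

/* Hypothetical handler table keyed by the combined keyword code. */
struct handler {
    uint32_t key;
    const char *name;
    int privileged;
};

static const struct handler handlers[] = {
    { KW_SHOW | KW_ITEM,   "show item",   0 },
    { KW_CHANGE | KW_ITEM, "change item", 1 },
};

/* Constructed inputs: a normal command and one that repeats a keyword. */
static const uint32_t cmd_plain[]    = { KW_SHOW, KW_ITEM };
static const uint32_t cmd_repeated[] = { KW_SHOW, KW_SHOW, KW_ITEM };

/* Flawed: arithmetic ADD. A repeated bit carries into the next bit position,
 * so the result can equal the key of a different keyword combination. */
uint32_t combine_add(const uint32_t *kw, size_t n)
{
    uint32_t key = 0;
    for (size_t i = 0; i < n; i++)
        key += kw[i];
    return key;
}

/* Corrected: bitwise OR is idempotent, so a repeated keyword changes nothing. */
uint32_t combine_or(const uint32_t *kw, size_t n)
{
    uint32_t key = 0;
    for (size_t i = 0; i < n; i++)
        key |= kw[i];
    return key;
}

/* Stricter variant: returns 0 (never a valid key) if any keyword repeats. */
uint32_t combine_strict(const uint32_t *kw, size_t n)
{
    uint32_t key = 0;
    for (size_t i = 0; i < n; i++) {
        if (key & kw[i])
            return 0;
        key |= kw[i];
    }
    return key;
}

/* Look up the handler for a combined key; NULL when no handler matches. */
const struct handler *lookup(uint32_t key)
{
    for (size_t i = 0; i < sizeof(handlers) / sizeof(handlers[0]); i++)
        if (handlers[i].key == key)
            return &handlers[i];
    return NULL;
}

int main(void)
{
    const struct handler *h_add = lookup(combine_add(cmd_repeated, 3));
    const struct handler *h_or  = lookup(combine_or(cmd_repeated, 3));

    printf("ADD: key=%u handler=%s privileged=%d\n",
           (unsigned)combine_add(cmd_repeated, 3), h_add->name, h_add->privileged);
    printf("OR : key=%u handler=%s privileged=%d\n",
           (unsigned)combine_or(cmd_repeated, 3), h_or->name, h_or->privileged);
    printf("strict accepts repeated command: %s\n",
           combine_strict(cmd_repeated, 3) ? "yes" : "no");
    return 0;
}
```
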
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
Red Hat Security Advisory 2022-7928-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket