RHSA-2022:8453: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
Red Hat Security Data

Synopsis

Important: device-mapper-multipath security update

Type/Severity

Security Advisory: Important

Topic

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

  • device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux (CVE-2022-3787)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 9 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x

Fixes

  • BZ - 2138959 - CVE-2022-3787 device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

Red Hat Enterprise Linux for x86_64 9

SRPM

  • device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm

x86_64

  • device-mapper-multipath-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-libs-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-libs-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
  • kpartx-0.8.7-12.el9_1.1.x86_64.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm

s390x

  • device-mapper-multipath-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-libs-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
  • kpartx-0.8.7-12.el9_1.1.s390x.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm

ppc64le

  • device-mapper-multipath-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-libs-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
  • kpartx-0.8.7-12.el9_1.1.ppc64le.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • device-mapper-multipath-0.8.7-12.el9_1.1.src.rpm

aarch64

  • device-mapper-multipath-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-libs-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
  • kpartx-0.8.7-12.el9_1.1.aarch64.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 9

SRPM

x86_64

  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-devel-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-devel-0.8.7-12.el9_1.1.x86_64.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.i686.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 9

SRPM

ppc64le

  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-devel-0.8.7-12.el9_1.1.ppc64le.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 9

SRPM

aarch64

  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-devel-0.8.7-12.el9_1.1.aarch64.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 9

SRPM

s390x

  • device-mapper-multipath-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-debugsource-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-devel-0.8.7-12.el9_1.1.s390x.rpm
  • device-mapper-multipath-libs-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
  • kpartx-debuginfo-0.8.7-12.el9_1.1.s390x.rpm
  • libdmmp-debuginfo-0.8.7-12.el9_1.1.s390x.rpm

Related news

CVE-2022-3787: Invalid Bug ID

A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

RHSA-2023:0795: Red Hat Security Advisory: RHSA: Submariner 0.13.3 - security updates and bug fixes

Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...

snap-confine must_mkdir_and_open_with_perms() Race Condition

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.

Red Hat Security Advisory 2022-8609-01

Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.

RHSA-2022:8598: Red Hat Security Advisory: Red Hat Virtualization Host security update [ovirt-4.5.3-1]

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code * CVE-2022-40674: ex...

RHSA-2022:7874: Red Hat Security Advisory: OpenShift Container Platform 4.8.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...

Red Hat Security Advisory 2022-7928-01

Red Hat Security Advisory 2022-7928-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

RHSA-2022:7928: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images. Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

Leeloo Multipath Authorization Bypass / Symlink Attack

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

RHSA-2022:7191: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

Red Hat Security Advisory 2022-7185-01

Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7187-01

Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7188-01

Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

RHSA-2022:7192: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7188: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7187: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket