Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:7187: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
Red Hat Security Data
#vulnerability#web#linux#red_hat#nodejs#js#java#kubernetes#aws#auth#sap

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-10-25

Updated:

2022-10-25

RHSA-2022:7187 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: device-mapper-multipath security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

  • device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 2133988 - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM

device-mapper-multipath-0.8.0-5.el8_1.1.src.rpm

SHA-256: a351f9594b53be387e3240f379afeb6e5cffcc30f1fdc9fc5633d4443add0a38

ppc64le

device-mapper-multipath-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: 8c3e2b637f9b9bddc1de5672edb13a7922619675dd6d43064485b42324b19c56

device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: 48178a17225ee8e4c53b54f5b340e1e94bfef1cdda0c23ee6f543fe7c4c2cdbe

device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: e9b48d1895e0742c47b14f3493da73a34ac312b94ae86dd2f98f12d1e5ce5df3

device-mapper-multipath-libs-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: cd357ce916a37403b9c73e2cbf6b6e91b3ba9583764f2b09b8584b5725f71738

device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: 182e599fb80302033c8b137f91ab2f205b4361919adf0bf5efa6b5d6ab314331

kpartx-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: 38f1ffc64cdbb476d3144806beec83a350fb158cf1b6d6b7f61bcf2e8a6427cc

kpartx-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: 5d94a189ebd76782cd703b0c1acd85703c9eb82c51d3b60902f6887fd9dcf7da

libdmmp-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: 272971ee197b7cda187846b5daea4f902d9ce46781034d11170539a71cf140ed

libdmmp-debuginfo-0.8.0-5.el8_1.1.ppc64le.rpm

SHA-256: f658da2cc66fea7f6275c615b00ef7687e8d71108a8802ab551f9bc9f8e39196

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM

device-mapper-multipath-0.8.0-5.el8_1.1.src.rpm

SHA-256: a351f9594b53be387e3240f379afeb6e5cffcc30f1fdc9fc5633d4443add0a38

x86_64

device-mapper-multipath-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 8161d99dd8883b5befcdf575c2761ac603b12553d1f2d2ad1f7c3de4079499d8

device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.i686.rpm

SHA-256: 769d26677799b286ebf5bcecd7f80a92602ac9f9233d652fa6ab0932557fbf06

device-mapper-multipath-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 94649e5d9cdac78138f35c1297901ee67964bb769faffa3c0512adeebc03e60b

device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.i686.rpm

SHA-256: 0f2c8757a85d7373346531b64cac71778b6b0a05fc37e4e7380bd7b89da5e054

device-mapper-multipath-debugsource-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 5eaffddf9e4940903d70344ad3fc556679c6ec969dc1ce51177b49c5101c0bae

device-mapper-multipath-libs-0.8.0-5.el8_1.1.i686.rpm

SHA-256: 02233f6e088d75784131c5f96941f02cbf9d3a3563a1e296d67d479531f2ae64

device-mapper-multipath-libs-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: ffb9365d3b3ec8ce0d4b1ede58d2b87d6db11494d9ace3dd0850d47becf594de

device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.i686.rpm

SHA-256: d15ded201b7c9a5193aea486ffb8b1ccc796301e420712ea5d00036e31783314

device-mapper-multipath-libs-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: a122fd74c2f786850a9fd25f44f4ff7dc6b84df83bb541e47de3a32ae385a605

kpartx-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 84c9b9792e8bf7ea8568f6bfa88f2863fc12592085e2dee2e847aaf0944add46

kpartx-debuginfo-0.8.0-5.el8_1.1.i686.rpm

SHA-256: 8083ad1434f43ab790cde2cddec4d750eea72886244bf5344baf6fffde4563dd

kpartx-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 37e4c08d2f34d412a9679c76e571004e6d79b7ee52af1257c4db84a762246c80

libdmmp-0.8.0-5.el8_1.1.i686.rpm

SHA-256: 6382d860af55ed9519aebf66a607cda731f5a10f19ed4b0d320242080d815ba5

libdmmp-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 19267c7bb9a6e3c13f9f855fb015b981ed688591f739d448f637aceb46f59a51

libdmmp-debuginfo-0.8.0-5.el8_1.1.i686.rpm

SHA-256: 0bfd5fd3ec0294e098d7c5b55489108880e69ae112d2c81c2fa72de9a80b2f1f

libdmmp-debuginfo-0.8.0-5.el8_1.1.x86_64.rpm

SHA-256: 9b2d19a3caac3ab16e5460f4beeaa11d1fe574172915c94b7bc38ad3118f1f60

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Related news

Gentoo Linux Security Advisory 202311-06

Gentoo Linux Security Advisory 202311-6 - Multiple vulnerabilities have been discovered in multipath-tools, the worst of which can lead to root privilege escalation. Versions greater than or equal to 0.9.3 are affected.

CVE-2022-22307: IBM Security Guardium is affected by multiple vulnerabilities

IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks. IBM X-Force ID: 216753.

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

snap-confine must_mkdir_and_open_with_perms() Race Condition

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "

Red Hat Security Advisory 2022-8609-01

Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7874-01

Red Hat Security Advisory 2022-7874-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. Issues addressed include a code execution vulnerability.

Ubuntu Security Notice USN-5731-1

Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.

RHSA-2022:8453: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

RHSA-2022:7928: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

Red Hat Security Advisory 2022-7276-01

Red Hat Security Advisory 2022-7276-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs. Issues addressed include denial of service, server-side request forgery, and remote SQL injection vulnerabilities.

RHSA-2022:7201: Red Hat Security Advisory: OpenShift Container Platform 4.11.12 security update

Red Hat OpenShift Container Platform release 4.11.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go-getter: unsafe download (issue 3 of 3)

RHSA-2022:7276: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates

Red Hat Advanced Cluster Management for Kubernetes 2.4.8 General Availability release images, which fix security issues. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2238: search-api: SQL injection leads to remote denial of service * CVE-2022-25858: terser: insecure use of regular expressions leads to ReDoS * CVE-2022-31129: moment: inefficient parsing algorithm resulting in DoS * CVE-2022-35948: nodejs: undici vulnerable to CRLF via content headers * CVE-2022-35949: n...

Leeloo Multipath Authorization Bypass / Symlink Attack

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

Red Hat Security Advisory 2022-7191-01

Red Hat Security Advisory 2022-7191-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

RHSA-2022:7191: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

Red Hat Security Advisory 2022-7186-01

Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7185-01

Red Hat Security Advisory 2022-7185-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7187-01

Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7188-01

Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

RHSA-2022:7192: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7186: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7188: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7185: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket