Headline
RHSA-2022:7928: Red Hat Security Advisory: device-mapper-multipath security update
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
Synopsis
Important: device-mapper-multipath security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
- device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux (CVE-2022-3787)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2138959 - CVE-2022-3787 device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
Red Hat Enterprise Linux for x86_64 8
SRPM
device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm
SHA-256: 174260127ee92fa58762e36f978b3c216c5b4e0d8eff2e8b1ce16c382f6d748f
x86_64
device-mapper-multipath-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 36687b3e1ddf2cb8a910bce439e78b1133eb2c03b0c82ffc033e610298537253
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: 91127f17aaed4a8090df4856238658d5595e5251dbd197c26e2d3123a3d9e240
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 32e0313e640023cd41300db95cdb72f35a259465a6ddc275776744d22b347ca5
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.i686.rpm
SHA-256: fceadf46f0281e61ab4eb39964a42affdac84ffbda74441e156c31de1424c6d5
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 26c8bab9ecb08bf5444e78e3ef3980232520ea1fdedb19cd8015ab8727c129aa
device-mapper-multipath-libs-0.8.4-28.el8_7.1.i686.rpm
SHA-256: c82626dee489a74c6389b362c9bd7b73576877a60d81377eb605991e965209ed
device-mapper-multipath-libs-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: f0958f94eb275b0d51ad7c2fe687dec2fa3cfc747130a34fda0b8a7a6a4282f5
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: 142179fad5e60d238898ec197c85e4310d8e80f88009f8df129fee652f7b722b
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 71e9269bf5e52236c3ac2571fd8efb08764fffb6796e331ba55a73bccb843f02
kpartx-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 31c9fd03948f8c0269b20e00b1c02279e4301493070ea80a86718dea7268d708
kpartx-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: e0066ae94554b0678b28cff2045f119387521bd0867508caeef5ec732cf9392b
kpartx-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: d4445fef021ac54094588ab24d1a0c7d72e3bb77473a6c35ad20476971c9f461
libdmmp-0.8.4-28.el8_7.1.i686.rpm
SHA-256: 80eccde4983a05aeb49671b43f58cb412f688ea9f05f76713adec8813d6cb955
libdmmp-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 6c4064c75ae14d90a09ceb38aff02e22b939fc7a5cde42366870f29b3f82c93c
libdmmp-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: e9749be2cb2ebda32bbbce774099d16f96a053c8738526d58a40eea0d5726567
libdmmp-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: d0d6e0525eafca8da92e107d8755de3f71054a3354f7977d4b7b64939b4c4034
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm
SHA-256: 174260127ee92fa58762e36f978b3c216c5b4e0d8eff2e8b1ce16c382f6d748f
s390x
device-mapper-multipath-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: 062cf87d89b9dbca913889cad23d0b50276f83c97feb01a53cf92fc8e3f85283
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: e26b0a7504a2d509a76909a9980d8b0d9e80ccbe443aa8fe2a14c800f2b68697
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: a8d5b1de0ae60786b4dc54bd70778cc14a2927f4fc73e05d87d38c94818c6ddd
device-mapper-multipath-libs-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: bc1708123faae7a9f4a5970eddce82ae51fc97659e0edf4ac81b6c8afecfc1d6
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: 1045923cafd20ccbbf01b532688819053f0da666dbdf4c8c827698a691c655a4
kpartx-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: f0053193b3485a802d89b296421010d9e1223364b031212283ee600cd263c6d1
kpartx-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: b0ce1c682993f78e1628a7e213dd4a5da1877107173bf99eec103b9997374858
libdmmp-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: d7bd2774751dcc12f01209a0c1a3746208be31bc03ea39c4ba6963262f24c20e
libdmmp-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: 0ec69a970072f7cfc15ffc20f7d18b6622c439831bd0a2dd7dc4fcccfff61308
Red Hat Enterprise Linux for Power, little endian 8
SRPM
device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm
SHA-256: 174260127ee92fa58762e36f978b3c216c5b4e0d8eff2e8b1ce16c382f6d748f
ppc64le
device-mapper-multipath-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 41cd0da526fd3a04edeea4e11dd404a91c62f73126dbd15ecdb0f5e5f4734884
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 7f23fcabe233882ea0789790417dad954296758fabe86204f935d1b38364a289
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: a99a6ebb39d50f44db339749878d85b9d19f9adc6b96512a4baf4970e9d855f8
device-mapper-multipath-libs-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 8af6874c6d45ef4ae7a480a14ea0dc09943edcf90c65d2c83bf7156c7e2aec53
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 86eef466a553a0b9cd60642d6383b7ba708dbcf55117c77674ec00488bd95a98
kpartx-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 728bda181323877eba49f7a8241dcae8557171269d5348b3f82083e92590aebf
kpartx-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 49a8baca0913d5dd1852e68cf9618e9597d89124923ceb2ad3736d0ea299cd3b
libdmmp-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: c5cf55845d32ef17ead5c3e874f43e627fcd3010eb8d6e27c7fac34fb5e00b3d
libdmmp-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 0b040b45debd4c8fb9ec8e3a079c04c46428f66ba5e1281ae30c1efdf6ca39ca
Red Hat Enterprise Linux for ARM 64 8
SRPM
device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm
SHA-256: 174260127ee92fa58762e36f978b3c216c5b4e0d8eff2e8b1ce16c382f6d748f
aarch64
device-mapper-multipath-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 6e7c4f4f85ea1440fcece98f998dcdc0ebce3152568126e5f4d93bf75d3b75f6
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: ae931c0befcd606cfa37beae6ed1ec5aebd413054091f07140bd2c84b4887681
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 18d08e027f94abc7390d361ed4f85918c3e2c1e36d9018ed0a6bc0d98ae061ca
device-mapper-multipath-libs-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 8763632dcba07a9cc0321687cceb8c656f79b162753a69371619646e9c1d7500
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 37ffa5eb002c311b457a22364d5adf32f3c048c42d9c21b3554c9538d48966fb
kpartx-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 0d13286e4ac3a14e83e62ab2a8d49676bbc5a6c991d2b6f231fb8a0f5c09ebfa
kpartx-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 85e4cf011c0d8e0d18cd9c82f5d8e5fdadc0b732c17fc637a2db525483ee6b73
libdmmp-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: a4f0380d0db2dd7330b3f4a5409eff8d25fecd55530f7be0300eecbc683d4fc3
libdmmp-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 7838e537a2f12fbc8b30991fb736d1472305175bb671360803d2dc55a90b9149
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: 91127f17aaed4a8090df4856238658d5595e5251dbd197c26e2d3123a3d9e240
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 32e0313e640023cd41300db95cdb72f35a259465a6ddc275776744d22b347ca5
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.i686.rpm
SHA-256: fceadf46f0281e61ab4eb39964a42affdac84ffbda74441e156c31de1424c6d5
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 26c8bab9ecb08bf5444e78e3ef3980232520ea1fdedb19cd8015ab8727c129aa
device-mapper-multipath-devel-0.8.4-28.el8_7.1.i686.rpm
SHA-256: 6e34e644febab14330944efe42703e55058f777dd0ec68002d839f0e2ebb5071
device-mapper-multipath-devel-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 87e2a9eb443e836b05815fb597f22b02294fbadadf997704e8c03ebf93116651
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: 142179fad5e60d238898ec197c85e4310d8e80f88009f8df129fee652f7b722b
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: 71e9269bf5e52236c3ac2571fd8efb08764fffb6796e331ba55a73bccb843f02
kpartx-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: e0066ae94554b0678b28cff2045f119387521bd0867508caeef5ec732cf9392b
kpartx-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: d4445fef021ac54094588ab24d1a0c7d72e3bb77473a6c35ad20476971c9f461
libdmmp-debuginfo-0.8.4-28.el8_7.1.i686.rpm
SHA-256: e9749be2cb2ebda32bbbce774099d16f96a053c8738526d58a40eea0d5726567
libdmmp-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm
SHA-256: d0d6e0525eafca8da92e107d8755de3f71054a3354f7977d4b7b64939b4c4034
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 7f23fcabe233882ea0789790417dad954296758fabe86204f935d1b38364a289
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: a99a6ebb39d50f44db339749878d85b9d19f9adc6b96512a4baf4970e9d855f8
device-mapper-multipath-devel-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 9b02e3d5fc5b542e2d2a41d5d9e88b9908c72ad0a606e1a2afc1b1532c556345
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 86eef466a553a0b9cd60642d6383b7ba708dbcf55117c77674ec00488bd95a98
kpartx-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 49a8baca0913d5dd1852e68cf9618e9597d89124923ceb2ad3736d0ea299cd3b
libdmmp-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm
SHA-256: 0b040b45debd4c8fb9ec8e3a079c04c46428f66ba5e1281ae30c1efdf6ca39ca
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: ae931c0befcd606cfa37beae6ed1ec5aebd413054091f07140bd2c84b4887681
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 18d08e027f94abc7390d361ed4f85918c3e2c1e36d9018ed0a6bc0d98ae061ca
device-mapper-multipath-devel-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: ba83e24b885164b6405da4914e6530a13010de2680b742180e2b15f2c7defdd0
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 37ffa5eb002c311b457a22364d5adf32f3c048c42d9c21b3554c9538d48966fb
kpartx-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 85e4cf011c0d8e0d18cd9c82f5d8e5fdadc0b732c17fc637a2db525483ee6b73
libdmmp-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm
SHA-256: 7838e537a2f12fbc8b30991fb736d1472305175bb671360803d2dc55a90b9149
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: e26b0a7504a2d509a76909a9980d8b0d9e80ccbe443aa8fe2a14c800f2b68697
device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: a8d5b1de0ae60786b4dc54bd70778cc14a2927f4fc73e05d87d38c94818c6ddd
device-mapper-multipath-devel-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: 6ea1abc660ab47402b1141e6406421828d48dd0a624b6e4900a49c6886b59c0c
device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: 1045923cafd20ccbbf01b532688819053f0da666dbdf4c8c827698a691c655a4
kpartx-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: b0ce1c682993f78e1628a7e213dd4a5da1877107173bf99eec103b9997374858
libdmmp-debuginfo-0.8.4-28.el8_7.1.s390x.rpm
SHA-256: 0ec69a970072f7cfc15ffc20f7d18b6622c439831bd0a2dd7dc4fcccfff61308
Related news
A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
Migration Toolkit for Applications 6.0.1 release Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path. * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...
Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.
Submariner 0.13.3 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.
Submariner 0.14 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...
Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.
Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS * CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache * CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error * CVE-2022-1705: golang: net/http: improper sanitizat...
Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory,they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).
The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service. "
Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.
An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3515: libksba: integer overflow may lead to remote code execution * CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code * CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code * CVE-2022-40674: ex...
Red Hat OpenShift Container Platform release 4.8.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-26945: go-getter: command injection vulnerability * CVE-2022-30321: go-getter: unsafe download (issue 1 of 3) * CVE-2022-30322: go-getter: unsafe download (issue 2 of 3) * CVE-2022-30323: go...
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux
Red Hat Security Advisory 2022-7928-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.
Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket
An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket