RHSA-2022:7928: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

Synopsis

Important: device-mapper-multipath security update

Type/Severity

Security Advisory: Important

Topic

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

  • device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux (CVE-2022-3787)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x

Fixes

  • BZ - 2138959 - CVE-2022-3787 device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

Red Hat Enterprise Linux for x86_64 8

SRPM

device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm

x86_64

device-mapper-multipath-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-libs-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-libs-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

kpartx-0.8.4-28.el8_7.1.x86_64.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.i686.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

libdmmp-0.8.4-28.el8_7.1.i686.rpm

libdmmp-0.8.4-28.el8_7.1.x86_64.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.i686.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm

s390x

device-mapper-multipath-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-libs-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

kpartx-0.8.4-28.el8_7.1.s390x.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

libdmmp-0.8.4-28.el8_7.1.s390x.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm

ppc64le

device-mapper-multipath-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-libs-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

kpartx-0.8.4-28.el8_7.1.ppc64le.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

libdmmp-0.8.4-28.el8_7.1.ppc64le.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

device-mapper-multipath-0.8.4-28.el8_7.1.src.rpm

aarch64

device-mapper-multipath-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-libs-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

kpartx-0.8.4-28.el8_7.1.aarch64.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

libdmmp-0.8.4-28.el8_7.1.aarch64.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-devel-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-devel-0.8.4-28.el8_7.1.x86_64.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.i686.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.i686.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.i686.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM

ppc64le

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-devel-0.8.4-28.el8_7.1.ppc64le.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.ppc64le.rpm

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM

aarch64

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-devel-0.8.4-28.el8_7.1.aarch64.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.aarch64.rpm

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM

s390x

device-mapper-multipath-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-debugsource-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-devel-0.8.4-28.el8_7.1.s390x.rpm

device-mapper-multipath-libs-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

kpartx-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

libdmmp-debuginfo-0.8.4-28.el8_7.1.s390x.rpm

Related news

CVE-2022-3787

A vulnerability was found in device-mapper-multipath. It allows local users to obtain root access, whether exploited alone or in conjunction with CVE-2022-41973. Local users who are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. The issue occurs because an attacker can repeat a keyword, and the repetition is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.
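To make the ADD-versus-OR flaw in the CVE-2022-3787 description concrete, the following added example (not code from device-mapper-multipath or from Red Hat) models a keyword-fingerprint dispatcher in C, with the flawed and hardened paths side by side. The keyword names, bit values, handler table and the leading-verb access check are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical keyword and handler tables, constructed for this example.
 * Each keyword owns one bit; a handler is selected by the combined value. */
struct keyword { const char *name; uint32_t code; };
struct handler { uint32_t fp; int privileged; const char *name; };

static const struct keyword KEYWORDS[] = {
    { "show",  1u << 0 },   /* read-only verb */
    { "reset", 1u << 1 },   /* state-changing verb */
    { "map",   1u << 2 },   /* object */
};
static const struct handler HANDLERS[] = {
    { (1u << 0) | (1u << 2), 0, "show map"  },
    { (1u << 1) | (1u << 2), 1, "reset map" },
};

/* Constructed sample commands, already split into tokens. */
static const char *const CMD_SHOW[]   = { "show", "map" };
static const char *const CMD_RESET[]  = { "reset", "map" };
static const char *const CMD_REPEAT[] = { "show", "show", "map" };

static uint32_t code_of(const char *tok)
{
    for (size_t i = 0; i < sizeof KEYWORDS / sizeof KEYWORDS[0]; i++)
        if (strcmp(tok, KEYWORDS[i].name) == 0)
            return KEYWORDS[i].code;
    return 0;   /* unknown keyword */
}

static const struct handler *lookup(uint32_t fp)
{
    for (size_t i = 0; i < sizeof HANDLERS / sizeof HANDLERS[0]; i++)
        if (HANDLERS[i].fp == fp)
            return &HANDLERS[i];
    return NULL;
}

/* Flawed: arithmetic ADD. A repeated keyword carries into the next bit,
 * so 1 + 1 + 4 yields the same value as 2 | 4. */
uint32_t fingerprint_add(const char *const *toks, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp += code_of(toks[i]);
    return fp;
}

/* Corrected: bitwise OR is idempotent, so repeats cannot change the value. */
uint32_t fingerprint_or(const char *const *toks, size_t n)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++)
        fp |= code_of(toks[i]);
    return fp;
}

/* Modelled flawed path: the privilege decision looks at the leading verb
 * (an assumption of this model), the dispatch uses the ADD fingerprint. */
const char *dispatch_vulnerable(const char *const *toks, size_t n, int is_root)
{
    if (n == 0 || (!is_root && strcmp(toks[0], "show") != 0))
        return NULL;
    const struct handler *h = lookup(fingerprint_add(toks, n));
    return h ? h->name : NULL;
}

/* Hardened path: reject unknown or repeated keywords, combine with OR, and
 * authorize against the handler that was actually resolved. */
const char *dispatch_hardened(const char *const *toks, size_t n, int is_root)
{
    uint32_t fp = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t c = code_of(toks[i]);
        if (c == 0 || (fp & c))
            return NULL;
        fp |= c;
    }
    const struct handler *h = lookup(fp);
    return (h && (is_root || !h->privileged)) ? h->name : NULL;
}

int main(void)
{
    const char *v = dispatch_vulnerable(CMD_REPEAT, 3, 0);
    const char *s = dispatch_hardened(CMD_REPEAT, 3, 0);
    printf("ADD=%u OR=%u\n", (unsigned)fingerprint_add(CMD_REPEAT, 3),
           (unsigned)fingerprint_or(CMD_REPEAT, 3));
    printf("flawed: %s, hardened: %s\n", v ? v : "refused", s ? s : "refused");
    printf("plain: %s, %s\n", dispatch_hardened(CMD_SHOW, 2, 0),
           dispatch_hardened(CMD_RESET, 2, 0) ? "reset allowed" : "reset refused");
    return 0;
}
```

In the model, the repeated read-only verb sums to the fingerprint of the privileged handler, while OR keeps the fingerprint of the read-only one; authorizing against the resolved handler closes the gap even if a collision slips through.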

RHSA-2023:0934: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.0.1 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2020-36567: A flaw was found in gin. This issue occurs when the default Formatter for the Logger middleware (LoggerConfig.Formatter), which is included in the Default engine, allows attackers to inject arbitrary log entries by manipulating the request path.
  • CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to...

Red Hat Security Advisory 2023-0795-01

Red Hat Security Advisory 2023-0795-01 - Submariner 0.13.3 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6.

RHSA-2023:0795: Red Hat Security Advisory: RHSA: Submariner 0.13.3 - security updates and bug fixes

Submariner 0.13.3 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Related CVEs:

  • CVE-2022-32149: A vulnerability was found in the golang.org/x/text/language package. An attacker can craft an Accept-Language header which ParseAcceptLanguage will take significant time to parse. This issue leads to a denial of service, and can impact availability.

RHSA-2023:0631: Red Hat Security Advisory: RHSA: Submariner 0.14 - bug fix and security updates

Submariner 0.14 packages that fix various bugs and add various enhancements are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.

Related CVEs:

  • CVE-2022-2880: A flaw was found in the golang package, where requests forwarded by reverse proxy include the raw query parameters from the inbound request, including unparseable parameters rejected by net/http. This issue could permit query parameter smuggling when a Go ...

Red Hat Security Advisory 2023-0408-01

Red Hat Security Advisory 2023-0408-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. Issues addressed include denial of service and out of bounds read vulnerabilities.

RHSA-2023:0408: Red Hat Security Advisory: OpenShift Virtualization 4.12.0 Images security update

Red Hat OpenShift Virtualization release 4.12 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2021-38561: golang: out-of-bounds read in golang.org/x/text/language leads to DoS
  • CVE-2021-44716: golang: net/http: limit growth of header canonicalization cache
  • CVE-2021-44717: golang: syscall: don't close fd 0 on ForkExec error
  • CVE-2022-1705: golang: net/http: improper sanitizat...

snap-confine must_mkdir_and_open_with_perms() Race Condition

Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).

Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems

The maintainers of the FreeBSD operating system have released updates to remediate a security vulnerability impacting the ping module that could be potentially exploited to crash the program or trigger remote code execution. The issue, assigned the identifier CVE-2022-23093, impacts all supported versions of FreeBSD and concerns a stack-based buffer overflow vulnerability in the ping service.

Red Hat Security Advisory 2022-8609-01

Red Hat Security Advisory 2022-8609-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.7 images. Issues addressed include a bypass vulnerability.

RHSA-2022:8598: Red Hat Security Advisory: Red Hat Virtualization Host security update [ovirt-4.5.3-1]

An update for redhat-release-virtualization-host, redhat-virtualization-host, and redhat-virtualization-host-productimg is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-3515: libksba: integer overflow may lead to remote code execution
  • CVE-2022-38177: bind: memory leak in ECDSA DNSSEC verification code
  • CVE-2022-38178: bind: memory leaks in EdDSA DNSSEC verification code
  • CVE-2022-40674: ex...

RHSA-2022:7874: Red Hat Security Advisory: OpenShift Container Platform 4.8.53 bug fix and security update

Red Hat OpenShift Container Platform release 4.8.53 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-26945: go-getter: command injection vulnerability
  • CVE-2022-30321: go-getter: unsafe download (issue 1 of 3)
  • CVE-2022-30322: go-getter: unsafe download (issue 2 of 3)
  • CVE-2022-30323: go...

RHSA-2022:8453: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-3787: device-mapper-multipath: Regression of CVE-2022-41974 fix in Red Hat Enterprise Linux

Red Hat Security Advisory 2022-7928-01

Red Hat Security Advisory 2022-7928-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Leeloo Multipath Authorization Bypass / Symlink Attack

The Qualys Research Team has discovered authorization bypass and symlink vulnerabilities in multipathd. The authorization bypass was introduced in version 0.7.0 and the symlink vulnerability was introduced in version 0.7.7.

Red Hat Security Advisory 2022-7186-01

Red Hat Security Advisory 2022-7186-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7192-01

Red Hat Security Advisory 2022-7192-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7187-01

Red Hat Security Advisory 2022-7187-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2022-7188-01

Red Hat Security Advisory 2022-7188-01 - The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices. Issues addressed include a bypass vulnerability.

RHSA-2022:7192: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7186: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7188: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7187: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket

RHSA-2022:7185: Red Hat Security Advisory: device-mapper-multipath security update

An update for device-mapper-multipath is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Related CVEs:

  • CVE-2022-41974: device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket