SUSE-SU-2022:3710-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20223710-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:3710-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:3710-1
Related
Published
2022-10-24T14:23:32Z
Modified
2022-10-24T14:23:32Z
Summary
Security update for multipath-tools
Details

This update for multipath-tools fixes the following issues:

  • CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
  • CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)

  • multipathd: add 'forcereconfigure' option (bsc#1189551) The command 'multipathd -kreconfigure' changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting 'forcereconfigure yes' in multipath.conf (not recommended). Note: 'force_reconfigure yes' is not supported in SLE15-SP4 and beyond, which provide the command 'multipathd -k'reconfigure all''

  • multipathd: avoid stalled clients during reconfigure (bsc#1189551)

  • multipathd: handle client disconnect correctly (bsc#1189551)
  • Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
  • multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
  • multipathd: disallow changing to/from fpin marginal paths on reconfig
  • multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
  • multipath: fix exit status of multipath -T (bsc#1191900)
References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP3 / multipath-tools

Package

Name
multipath-tools
Purl
purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.5+126+suse.8ce8da5-150300.2.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "libdmmp-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.1 / multipath-tools

Package

Name
multipath-tools
Purl
purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.5+126+suse.8ce8da5-150300.2.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.2 / multipath-tools

Package

Name
multipath-tools
Purl
purl:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.5+126+suse.8ce8da5-150300.2.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
        }
    ]
}

openSUSE:Leap Micro 5.2 / multipath-tools

Package

Name
multipath-tools
Purl
purl:rpm/suse/multipath-tools&distro=openSUSE%20Leap%20Micro%205.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.5+126+suse.8ce8da5-150300.2.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
        }
    ]
}

openSUSE:Leap 15.3 / multipath-tools

Package

Name
multipath-tools
Purl
purl:rpm/suse/multipath-tools&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.8.5+126+suse.8ce8da5-150300.2.14.1

Ecosystem specific

{
    "binaries": [
        {
            "libdmmp0_2_0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "libmpath0": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "libdmmp-devel": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "multipath-tools": "0.8.5+126+suse.8ce8da5-150300.2.14.1",
            "kpartx": "0.8.5+126+suse.8ce8da5-150300.2.14.1"
        }
    ]
}