Описание
ELSA-2023-2948: device-mapper-multipath security and bug fix update (MODERATE)
[0.8.4-37]
- Fix bugzilla linked to the changes (was previously linked to the wrong bug, 2162537)
- Resolves: bz #2166468
[0.8.4-36]
- Add 0129-libmultipath-select-resize-action-even-if-reload-is-.patch
- Add 0130-libmultipath-cleanup-ACT_CREATE-code-in-select_actio.patch
- Add 0131-libmultipath-keep-renames-from-stopping-other-multip.patch
- Resolves: bz #2166468
[0.8.4-35]
- Add 0127-libmultipath-don-t-leak-memory-on-invalid-strings.patch
- Add 0128-libmutipath-validate-the-argument-count-of-config-st.patch
- Resolves: bz #2155560
[0.8.4-34]
- Add 0126-libmultipath-copy-mpp-hwe-from-pp-hwe.patch
- Fixes bz #2126714
- Cleanup multiple CI tests
- Resolves: bz #2126714
[0.8.4-33]
- Add 0125-multipath-add-historical-service-time-to-the-man-pag.patch
- Fixes bz #2141996
- Modify tests/multipath_conf_syntax/main.sh
- fix unrelated test error
- Resolves: bz #2141996
[0.8.4-32]
- Add 0116-kpartx-hold-device-open-until-partitions-have-been-c.patch
- Fixes bz #2128885
- Add 0117-libmultipath-cleanup-remove_feature.patch
- Add 0118-libmultipath-cleanup-add_feature.patch
- Add 0119-multipath-tests-tests-for-adding-and-removing-featur.patch
- Add 0120-libmultipath-fix-queue_mode-feature-handling.patch
- Add 0121-multipath-tests-tests-for-reconcile_features_with_qu.patch
- Add 0122-libmultipath-prepare-proto_id-for-use-by-non-scsi-de.patch
- Add 0123-libmultipath-get-nvme-path-transport-protocol.patch
- Add 0124-libmultipath-enforce-queue_mode-bio-for-nmve-tcp-pat.patch
- Fixes bz #2022359
- Resolves: bz #2022359, #2128885
[0.8.4-31]
- Add 0114-multipathd-ignore-duplicated-multipathd-command-keys.patch
- Fixes bz #2133996
- Add 0115-multipath-tools-use-run-instead-of-dev-shm.patch
- Fixes bz #2133990
- Resolves: bz #2133990, #2133996
[0.8.4-30]
- Add 0111-multipathd-factor-out-the-code-to-flush-a-map-with-n.patch
- Add 0112-libmultipath-return-success-if-we-raced-to-remove-a-.patch
- Add 0113-multipathd-Handle-losing-all-path-in-update_map.patch
- Resolves: bz #2110485
[0.8.4-29]
- Rebuild for rhel-8.8.0
- Resolves: bz #2123446
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
device-mapper-multipath
0.8.4-37.el8
device-mapper-multipath-devel
0.8.4-37.el8
device-mapper-multipath-libs
0.8.4-37.el8
kpartx
0.8.4-37.el8
libdmmp
0.8.4-37.el8
Oracle Linux x86_64
device-mapper-multipath
0.8.4-37.el8
device-mapper-multipath-devel
0.8.4-37.el8
device-mapper-multipath-libs
0.8.4-37.el8
kpartx
0.8.4-37.el8
libdmmp
0.8.4-37.el8
Связанные CVE
Связанные уязвимости
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to ...