SUSE-SU-2022:3711-1

Описание

This update for multipath-tools fixes the following issues:

• CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
• CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
• Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
• libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)
• multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483)
• multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
• multipathd: avoid delays during uevent processing (bsc#1199347)
• multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
• Fix busy loop with delayed_reconfigure (bsc#1199342)
• multipath.conf: add support for 'protocol' subsection in 'overrides' section to set certain config options by protocol.
• Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout
• Add disclaimer about vendor support
• Change built-in defaults for NVMe: group by prio, and immediate failback
• Fixes for minor issues reported by coverity
• Fix for memory leak with uid_attrs
• Updates for built in hardware db
• Logging improvements
• multipathd: use remove_map_callback for delayed reconfigure
• Fix handling of path addition in read-only arrays on NVMe
• Updates of built-in hardware database
• libmultipath: only warn once about unsupported dev_loss_tmo