device-mapper-multipath-0.8.7-20.el9

エラータID: AXSA:2023-5420:04

Release date: 
Thursday, May 18, 2023 - 08:43
Subject: 
device-mapper-multipath-0.8.7-20.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

Solution: 

Update packages.

CVEs: 
CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Additional Info: 

N/A

Download: 

SRPMS
  1. device-mapper-multipath-0.8.7-20.el9.src.rpm
    MD5: f14989e23aa6d7008b28044c0a72b816
    SHA-256: 1d9b2db10faf10d8687ba6e53af42b7737679741d76060d77ea3239f7dbe7767
    Size: 657.45 kB

Asianux Server 9 for x86_64
  1. device-mapper-multipath-0.8.7-20.el9.x86_64.rpm
    MD5: 7877a8f55c021418413eaf79830f230d
    SHA-256: 78b657da44cf1bf7e93f723c28047168f47a383d3f73706cd3ebc8243e0bcac1
    Size: 143.02 kB
  2. device-mapper-multipath-devel-0.8.7-20.el9.i686.rpm
    MD5: 78654648d5d0068ffbd6386f43aa49a9
    SHA-256: cbf0811e1bf746289f5bbcb36ba75bb208ca3bc56f7e041894c68d1a671f5be7
    Size: 27.13 kB
  3. device-mapper-multipath-devel-0.8.7-20.el9.x86_64.rpm
    MD5: e985204f5b937f4ac2c8ffc1632953c7
    SHA-256: b99e373d0a1f052074011a52a9c73137255b6f3b572a509b90f3fe1ea274f7a7
    Size: 27.13 kB
  4. device-mapper-multipath-libs-0.8.7-20.el9.i686.rpm
    MD5: c8889a1019b99f62ce234409ec8decee
    SHA-256: 647ae6473e7a298b5a66fd1da9283919180b9c9d48f6b27cd2e5df29118ccafd
    Size: 285.74 kB
  5. device-mapper-multipath-libs-0.8.7-20.el9.x86_64.rpm
    MD5: e9ce9ee405e9db16e0f15704c2ee2a2d
    SHA-256: 0930f94c411bc5e72cc44bfec78ad6d275ded6e41335ee125751e6c6504f0482
    Size: 268.67 kB
  6. kpartx-0.8.7-20.el9.x86_64.rpm
    MD5: fc5a218b1f3a96f8e95c37196a140e8a
    SHA-256: 22e19c2d805fabd8f41d35a88e6ebf71fa65997fbdb4634a7caf0d5c72d26dc4
    Size: 48.77 kB