device-mapper-multipath-0.8.4-37.el8
エラータID: AXSA:2023-5860:05
The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.
Security Fix(es):
* device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Asianux Server 8.8 Release Notes linked from the References section.
CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Update packages.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
N/A
SRPMS
- device-mapper-multipath-0.8.4-37.el8.src.rpm
MD5: f1d8366c3dcb42685559a548d2798684
SHA-256: 15bac724dd013ce3e59c7a758278bb24fd88864ebc33b09c3257ff08d035e45c
Size: 740.67 kB
Asianux Server 8 for x86_64
- device-mapper-multipath-0.8.4-37.el8.x86_64.rpm
MD5: abba295fedb4ceee480876fe11b89d0b
SHA-256: ec8b5e18286630ca05b6bacf25ac630af7c55115f073c2d89faaf1b5b4a437e5
Size: 207.08 kB - device-mapper-multipath-devel-0.8.4-37.el8.i686.rpm
MD5: bec43feeeb5a08b13db38883967382a6
SHA-256: 4de4b5921747e2754a86d72bd08bbe1cda8e715099addae3fceb151d674c356d
Size: 103.59 kB - device-mapper-multipath-devel-0.8.4-37.el8.x86_64.rpm
MD5: 087fa070a6dea4a6b04a29f2abed4920
SHA-256: 55ea0629a3a60d806078a886898b8a2ada85aa2226e8727e802d0b4553e81c0b
Size: 103.57 kB - device-mapper-multipath-libs-0.8.4-37.el8.i686.rpm
MD5: a8150136090310fe5e29d621cfbade9c
SHA-256: 926d881d974a376e30f4d7c7f79c5fe40168ab32984c9620c0f2b866959e4443
Size: 349.69 kB - device-mapper-multipath-libs-0.8.4-37.el8.x86_64.rpm
MD5: 455cd4ea8cbb2e807187a62f61d9ccac
SHA-256: 1979e11a64c45934ebe76f8a19d280dc0b67f1ace0dfda8b7446c241064a1663
Size: 332.73 kB - kpartx-0.8.4-37.el8.x86_64.rpm
MD5: c39c9f6e2dc000028ebbe71773f41e07
SHA-256: 513e2c27532ea1d94fccf59e8f640d70881182f6ee2e75aa2f77ce7fbfbed884
Size: 117.68 kB - libdmmp-0.8.4-37.el8.i686.rpm
MD5: 39673c51dbd72ff725d411605b0018c7
SHA-256: 4df80c0afb41b167e0ab557c7d4f05ad75c61554bef2f6d770d9e1860be589f7
Size: 111.54 kB - libdmmp-0.8.4-37.el8.x86_64.rpm
MD5: 976dcb22d68f5b48c3ec24dbae777af7
SHA-256: 3fe8bbdfd10959cb1eee881e666dc95eaf89c3a18dc23dd665066759eaa6db46
Size: 111.26 kB