device-mapper-multipath-0.8.4-37.el8

エラータID: AXSA:2023-5860:05

Release date: 
Tuesday, June 6, 2023 - 08:22
Subject: 
device-mapper-multipath-0.8.4-37.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The device-mapper-multipath packages provide tools that use the device-mapper multipath kernel module to manage multipath devices.

Security Fix(es):

* device-mapper-multipath: multipathd: insecure handling of files in /dev/shm leading to symlink attack (CVE-2022-41973)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.8 Release Notes linked from the References section.

CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.

Solution: 

Update packages.

CVEs: 
CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
Additional Info: 

N/A

Download: 

SRPMS
  1. device-mapper-multipath-0.8.4-37.el8.src.rpm
    MD5: f1d8366c3dcb42685559a548d2798684
    SHA-256: 15bac724dd013ce3e59c7a758278bb24fd88864ebc33b09c3257ff08d035e45c
    Size: 740.67 kB

Asianux Server 8 for x86_64
  1. device-mapper-multipath-0.8.4-37.el8.x86_64.rpm
    MD5: abba295fedb4ceee480876fe11b89d0b
    SHA-256: ec8b5e18286630ca05b6bacf25ac630af7c55115f073c2d89faaf1b5b4a437e5
    Size: 207.08 kB
  2. device-mapper-multipath-devel-0.8.4-37.el8.i686.rpm
    MD5: bec43feeeb5a08b13db38883967382a6
    SHA-256: 4de4b5921747e2754a86d72bd08bbe1cda8e715099addae3fceb151d674c356d
    Size: 103.59 kB
  3. device-mapper-multipath-devel-0.8.4-37.el8.x86_64.rpm
    MD5: 087fa070a6dea4a6b04a29f2abed4920
    SHA-256: 55ea0629a3a60d806078a886898b8a2ada85aa2226e8727e802d0b4553e81c0b
    Size: 103.57 kB
  4. device-mapper-multipath-libs-0.8.4-37.el8.i686.rpm
    MD5: a8150136090310fe5e29d621cfbade9c
    SHA-256: 926d881d974a376e30f4d7c7f79c5fe40168ab32984c9620c0f2b866959e4443
    Size: 349.69 kB
  5. device-mapper-multipath-libs-0.8.4-37.el8.x86_64.rpm
    MD5: 455cd4ea8cbb2e807187a62f61d9ccac
    SHA-256: 1979e11a64c45934ebe76f8a19d280dc0b67f1ace0dfda8b7446c241064a1663
    Size: 332.73 kB
  6. kpartx-0.8.4-37.el8.x86_64.rpm
    MD5: c39c9f6e2dc000028ebbe71773f41e07
    SHA-256: 513e2c27532ea1d94fccf59e8f640d70881182f6ee2e75aa2f77ce7fbfbed884
    Size: 117.68 kB
  7. libdmmp-0.8.4-37.el8.i686.rpm
    MD5: 39673c51dbd72ff725d411605b0018c7
    SHA-256: 4df80c0afb41b167e0ab557c7d4f05ad75c61554bef2f6d770d9e1860be589f7
    Size: 111.54 kB
  8. libdmmp-0.8.4-37.el8.x86_64.rpm
    MD5: 976dcb22d68f5b48c3ec24dbae777af7
    SHA-256: 3fe8bbdfd10959cb1eee881e666dc95eaf89c3a18dc23dd665066759eaa6db46
    Size: 111.26 kB