device-mapper-multipath-0.8.4-37.el8
エラータID: AXSA:2023-5860:05
リリース日:
2023/06/06 Tuesday - 08:22
題名:
device-mapper-multipath-0.8.4-37.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- device-mapper-multipath には、シンボリックリンクの処理に問題が
あるため、/dev/shm ディレクトリにアクセスできるローカルの攻撃者
により、/dev/shm ディレクトリ以外へのファイルの書き込みを可能と
する脆弱性が存在します。(CVE-2022-41973)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
追加情報:
N/A
ダウンロード:
SRPMS
- device-mapper-multipath-0.8.4-37.el8.src.rpm
MD5: f1d8366c3dcb42685559a548d2798684
SHA-256: 15bac724dd013ce3e59c7a758278bb24fd88864ebc33b09c3257ff08d035e45c
Size: 740.67 kB
Asianux Server 8 for x86_64
- device-mapper-multipath-0.8.4-37.el8.x86_64.rpm
MD5: abba295fedb4ceee480876fe11b89d0b
SHA-256: ec8b5e18286630ca05b6bacf25ac630af7c55115f073c2d89faaf1b5b4a437e5
Size: 207.08 kB - device-mapper-multipath-devel-0.8.4-37.el8.i686.rpm
MD5: bec43feeeb5a08b13db38883967382a6
SHA-256: 4de4b5921747e2754a86d72bd08bbe1cda8e715099addae3fceb151d674c356d
Size: 103.59 kB - device-mapper-multipath-devel-0.8.4-37.el8.x86_64.rpm
MD5: 087fa070a6dea4a6b04a29f2abed4920
SHA-256: 55ea0629a3a60d806078a886898b8a2ada85aa2226e8727e802d0b4553e81c0b
Size: 103.57 kB - device-mapper-multipath-libs-0.8.4-37.el8.i686.rpm
MD5: a8150136090310fe5e29d621cfbade9c
SHA-256: 926d881d974a376e30f4d7c7f79c5fe40168ab32984c9620c0f2b866959e4443
Size: 349.69 kB - device-mapper-multipath-libs-0.8.4-37.el8.x86_64.rpm
MD5: 455cd4ea8cbb2e807187a62f61d9ccac
SHA-256: 1979e11a64c45934ebe76f8a19d280dc0b67f1ace0dfda8b7446c241064a1663
Size: 332.73 kB - kpartx-0.8.4-37.el8.x86_64.rpm
MD5: c39c9f6e2dc000028ebbe71773f41e07
SHA-256: 513e2c27532ea1d94fccf59e8f640d70881182f6ee2e75aa2f77ce7fbfbed884
Size: 117.68 kB - libdmmp-0.8.4-37.el8.i686.rpm
MD5: 39673c51dbd72ff725d411605b0018c7
SHA-256: 4df80c0afb41b167e0ab557c7d4f05ad75c61554bef2f6d770d9e1860be589f7
Size: 111.54 kB - libdmmp-0.8.4-37.el8.x86_64.rpm
MD5: 976dcb22d68f5b48c3ec24dbae777af7
SHA-256: 3fe8bbdfd10959cb1eee881e666dc95eaf89c3a18dc23dd665066759eaa6db46
Size: 111.26 kB