
SUSE: 2022:3710-1 Critical: Multipath Tools Symlink Issues

October 24, 2022
SUSE has launched a significant security update for multipath-tools, addressing critical vulnerabilities and enhancing reliability and efficiency for users.
An update that solves two vulnerabilities, contains one feature and has four fixes is now available.

Summary

This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- multipathd: add "force_reconfigure" option (bsc#1189551)
  The command "multipathd -kreconfigure" changes behavior: instead of reloading every map, it checks map configuration and reloads only modified maps. This speeds up the reconfigure operation substantially. The old behavior can be reinstated by setting "force_reconfigure yes" in multipath.conf (not recommended).
  Note: "force_reconfigure yes" is not supported in SLE15-SP4 and beyond, which provide the command "multipathd -k'reconfigure all'"
- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
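A check for the "force_reconfigure yes" setting described above, as an added example that is not part of the SUSE advisory. The function names and the constructed sample are hypothetical; placing the option in a `defaults` section and the `/etc/multipath/conf.d` drop-in path are assumptions, and only `#` comments are handled.

```shell
#!/bin/sh
# Added example: flag multipath configuration files that re-enable the old
# "reload every map" behaviour through force_reconfigure.
# Usage: sh audit.sh /etc/multipath.conf /etc/multipath/conf.d/*.conf

# Print the force_reconfigure value set by active lines of one file
# (empty output if the option is absent or only appears in a comment).
force_reconfigure_value() {
    awk '
        { sub(/#.*/, "") }                  # strip "#" comments first
        $1 == "force_reconfigure" {
            v = $2
            gsub(/"/, "", v)                # value may be quoted
            val = tolower(v)
        }
        END { print val }
    ' "$1"
}

# Return 0 when none of the given files sets force_reconfigure to yes,
# 1 otherwise. Unreadable or missing files are skipped.
audit_force_reconfigure() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || continue
        case "$(force_reconfigure_value "$f")" in
            yes)
                echo "WARN: $f sets force_reconfigure yes (not recommended)"
                rc=1 ;;
            "") : ;;
            *)  echo "INFO: $f sets force_reconfigure, but not to yes" ;;
        esac
    done
    return $rc
}

# Constructed sample (not from a real host): writes a file with the
# setting enabled and prints its path, for trying the audit offline.
make_sample_conf() {
    p=$(mktemp)
    printf 'defaults {\n\tforce_reconfigure "yes"\n}\n' > "$p"
    echo "$p"
}

if [ "$#" -gt 0 ]; then
    audit_force_reconfigure "$@"
fi
```

A non-zero exit status means at least one file still requests the old full-reload behaviour, which the advisory says is not supported in SLE15-SP4 and beyond.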

References

#1189551 #1191900 #1195506 #1197570 #1202616 #1202739 PED-1448

Cross-References: CVE-2022-41973 CVE-2022-41974

CVSS scores:

CVE-2022-41973 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2022-41974 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Micro 5.2

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP3

SUSE Linux Enterprise Storage 7.1

SUSE Manager Proxy 4.2

SUSE Manager Retail Branch Server 4.2

SUSE Manager Server 4.2

openSU...


Severity
important

Announcement ID: SUSE-SU-2022:3710-1
Rating: important
