Univention Bugzilla – Bug 55539
multipath-tools: Multiple issues (5.0)
Last modified: 2023-01-13 15:50:04 CET
New Debian multipath-tools 0.7.9-3+deb10u2 fixes:

This update addresses the following issues:
* Symlink attack: multipathd operates insecurely, as root, in /dev/shm (a sticky, world-writable directory similar to /tmp) (CVE-2022-41973)
* Authorization bypass: multipathd daemon listens for client connections on an abstract Unix socket (CVE-2022-41974)
--- mirror/ftp/pool/main/m/multipath-tools/multipath-tools_0.7.9-3+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/multipath-tools_0.7.9-3+deb10u2.dsc @@ -1,3 +1,9 @@ +0.7.9-3+deb10u2 [Thu, 29 Dec 2022 09:23:26 +0100] Tobias Frost <tobi@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Backport upstream fixes for CVE-2022-41973 and CVE-2022-41974. + (Closes: #1022742) + 0.7.9-3+deb10u1 [Sun, 21 Jun 2020 16:41:48 +0000] Chris Hofstaedtler <zeha@debian.org>: * [775fe68] kpartx: use correct path to partx in udev rule (Closes: #959727) <http://piuparts.knut.univention.de/5.0-2/#4115007395471355221>
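Review bot: The added 0.7.9-3+deb10u2 changelog entry names CVE-2022-41973 and CVE-2022-41974 but gives no commit or patch reference for the backports, whereas the 0.7.9-3+deb10u1 entry below it tags its change with a commit id ([775fe68]). Listing the backported upstream commits or the patch file names in the entry would let someone auditing the erratum confirm that both the /dev/shm handling and the abstract Unix socket authorization fix are included in this upload.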
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 3c215662db Bug #55539: multipath-tools 0.7.9-3+deb10u2
 doc/errata/staging/multipath-tools.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[5.0-2] a8f54d804a Bug #55539: multipath-tools 0.7.9-3+deb10u2
 doc/errata/staging/multipath-tools.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x532>