• [gentoo-announce] [ GLSA 202311-06 ] multipath-tools: Multiple Vulnerab

    From glsamaker@gentoo.org@21:1/5 to All on Sat Nov 25 09:30:01 2023
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202311-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: multipath-tools: Multiple Vulnerabilities
    Date: November 25, 2023
    Bugs: #878763
    ID: 202311-06

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in multipath-tools, the
    worst of which can lead to root privilege escalation.

    Background
    ==========

    multipath-tools are used to drive the Device Mapper multipathing driver.

    Affected packages
    =================

    Package                 Vulnerable    Unaffected
    ----------------------  ------------  ------------
    sys-fs/multipath-tools  < 0.9.3       >= 0.9.3

    Description
    ===========

    Multiple vulnerabilities have been discovered in multipath-tools. Please
    review the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All multipath-tools users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.9.3"
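
To confirm whether a host falls in the affected range above, the following check is an added example and is not part of the GLSA or of Gentoo's tooling. It assumes plain dotted-numeric versions with optional Gentoo suffixes and reads Portage's installed-package database at /var/db/pkg; the function names and the PKGDB variable are hypothetical.

```sh
#!/bin/sh
# Added example (not part of GLSA 202311-06): decide whether a
# sys-fs/multipath-tools version is in the advisory's vulnerable range.
# Assumes plain dotted-numeric versions with optional Gentoo suffixes.

FIXED=0.9.3                      # first unaffected version per the advisory
PKGDB=${PKGDB:-/var/db/pkg}      # Portage's installed-package database

# ver_lt A B: succeed if dotted-numeric A is strictly lower than B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# is_vulnerable VERSION: succeed if VERSION < 0.9.3 under Gentoo ordering.
is_vulnerable() {
    v=${1%-r[0-9]*}              # a -rN revision never lowers the version
    base=${v%%_*}                # numeric part before _rc1, _p2, ...
    if [ "$base" = "$FIXED" ]; then
        # Pre-release suffixes sort before the release itself; _p sorts after.
        case ${v#"$base"} in
            _alpha*|_beta*|_pre*|_rc*) return 0 ;;
            *) return 1 ;;
        esac
    fi
    ver_lt "$base" "$FIXED"
}

# check_installed: print a verdict for every installed version found.
check_installed() {
    for d in "$PKGDB"/sys-fs/multipath-tools-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/multipath-tools-}
        if is_vulnerable "$ver"; then
            echo "VULNERABLE  $ver (< $FIXED): upgrade per GLSA 202311-06"
        else
            echo "ok          $ver (>= $FIXED)"
        fi
    done
}

check_installed
```

No output means the package is not installed on the host.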

    References
    ==========

    [ 1 ] CVE-2022-41973
    https://nvd.nist.gov/vuln/detail/CVE-2022-41973
    [ 2 ] CVE-2022-41974
    https://nvd.nist.gov/vuln/detail/CVE-2022-41974

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202311-06

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security@gentoo.org or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2023 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
