Ubuntu Security Notice 5731-1 - It was discovered that multipath-tools incorrectly handled symlinks. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10. It was discovered that multipath-tools incorrectly handled access controls. A local attacker could possibly use this issue, in combination with other issues, to escalate privileges.
==========================================================================
Ubuntu Security Notice USN-5731-1
November 17, 2022
multipath-tools vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in multipath-tools.
Software Description:
- multipath-tools: maintain multipath block device access
Details:
It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)
It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
multipath-tools 0.8.8-1ubuntu1.22.10.1
Ubuntu 22.04 LTS:
multipath-tools 0.8.8-1ubuntu1.22.04.1
Ubuntu 20.04 LTS:
multipath-tools 0.8.3-1ubuntu2.1
Ubuntu 18.04 LTS:
multipath-tools 0.7.4-2ubuntu3.2
In general, a standard system update will make all the necessary changes.
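An added check, not part of the Ubuntu notice: the shell functions below compare an installed multipath-tools version with the fixed versions listed above and report which of the two CVEs the notice ties to that release. The function names and the --host argument are assumptions of this example; it relies on dpkg and /etc/os-release as found on Ubuntu.

```bash
#!/bin/sh
# Added example: version check against the fixed packages in USN-5731-1.

# Fixed multipath-tools version per Ubuntu release, as listed in the notice.
usn5731_fixed_version() {
    case "$1" in
        22.10) echo "0.8.8-1ubuntu1.22.10.1" ;;
        22.04) echo "0.8.8-1ubuntu1.22.04.1" ;;
        20.04) echo "0.8.3-1ubuntu2.1" ;;
        18.04) echo "0.7.4-2ubuntu3.2" ;;
        *) return 1 ;;
    esac
}

# CVEs the notice ties to each release (CVE-2022-41973: 20.04 and later only).
usn5731_cves() {
    case "$1" in
        22.10|22.04|20.04) echo "CVE-2022-41973 CVE-2022-41974" ;;
        18.04) echo "CVE-2022-41974" ;;
        *) return 1 ;;
    esac
}

# Print patched, vulnerable or unknown-release for <release> <installed-version>.
usn5731_status() {
    fixed=$(usn5731_fixed_version "$1") || { echo "unknown-release"; return 0; }
    if dpkg --compare-versions "$2" ge "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Read the release and installed package version from this host and report.
usn5731_check_host() {
    release=$(. /etc/os-release 2>/dev/null && echo "$VERSION_ID") || release=""
    installed=$(dpkg-query -W -f='${Version}' multipath-tools 2>/dev/null) || installed=""
    if [ -z "$installed" ]; then
        echo "multipath-tools is not installed"
        return 0
    fi
    echo "Ubuntu $release, multipath-tools $installed: $(usn5731_status "$release" "$installed")"
    usn5731_cves "$release" >/dev/null && echo "Relevant CVEs: $(usn5731_cves "$release")"
    return 0
}

# Assumed entry point of this example: run with --host to check the local system.
if [ "${1:-}" = "--host" ]; then usn5731_check_host; fi
```

A release outside the four listed in the notice is reported as unknown-release rather than patched, so hosts on other versions are not silently counted as fixed.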
References:
https://ubuntu.com/security/notices/USN-5731-1
CVE-2022-41973, CVE-2022-41974
Package Information:
https://launchpad.net/ubuntu/+source/multipath-tools/0.8.8-1ubuntu1.22.10.1
https://launchpad.net/ubuntu/+source/multipath-tools/0.8.8-1ubuntu1.22.04.1
https://launchpad.net/ubuntu/+source/multipath-tools/0.8.3-1ubuntu2.1
https://launchpad.net/ubuntu/+source/multipath-tools/0.7.4-2ubuntu3.2