Debian Security Advisory 5366-1

Debian Security Advisory 5366-1: Posted Mar 1, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5366-1 - The Qualys Research Labs reported an authorization bypass (CVE-2022-41974) and a symlink attack (CVE-2022-41973) in multipath-tools, a set of tools to drive the Device Mapper multipathing driver, which may result in local privilege escalation.; tags | advisory, local; systems | linux, debian; advisories | CVE-2022-41973, CVE-2022-41974; SHA-256 | 449a42da9bb4b8caeb5d67f7cec2a182bd6252f94c98c628487a48466106f6b0; Download | Favorite | View

Debian Security Advisory 5366-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5366-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 01, 2023                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : multipath-tools
CVE ID         : CVE-2022-41973 CVE-2022-41974
Debian Bug     : 1022742

The Qualys Research Labs reported an authorization bypass
(CVE-2022-41974) and a symlink attack (CVE-2022-41973) in
multipath-tools, a set of tools to drive the Device Mapper multipathing
driver, which may result in local privilege escalation.

Please refer to /usr/share/doc/multipath-tools/NEWS.Debian.gz for
backwards-incompatible changes in this update.

For the stable distribution (bullseye), these problems have been fixed in
version 0.8.5-2+deb11u1.

We recommend that you upgrade your multipath-tools packages.

For the detailed security status of multipath-tools please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/multipath-tools

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmP/NuFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RyiQ//VY70yfm+KRaOehk7p4ek9uc2PY/ezIyGp29CijJBjugxR1+C1NEDahES
QUv/b1D9UsLDy+lKCRIoQAfpQ7cZd9GlVNJYNBCvSxIVjqNkj8WDkZdVOqNgE+mr
Orl8w3szGVQtuFplG5q/5Q5kNzcJ9kKNRnuD33+UqpN88h2/HfxBLJzDJNf28HT6
axpdCh48QYuk8k5M1Ns6ciguMQUG3nG9yFyrHrKkUQZTjqY3bqN+J56JpBqCKUt9
QWryP3O2DzLEQR+ZY1zdoZw9X517vS8vb7j+22qy4jCNkZeUcaefIinSEOtI7Vto
usSCcWUSfpyUDAD0VJswG7kftOo6VCVjujpdEDFMuUpFBAuwbbCR5e15Xw1+yIYE
A6uIKw9bvZWqyTPZ13Yq3wH8qdXXjevH4xkHqWFeokAZ7Y0TrLHOiqnItbKOWX/k
bhBVl/V47EVPnKleIk4PYIcB/6yFpgK7ujX6z8JMCFLGaEv2E8spJBZUOBsFTc2z
9GhOi5BGbLKr6rsgGeuCI9ELsbREIDr/I9etWlTr6xjSCln5r66ZyHquarG4pj+K
OYs8GqLMwBNTcB/ZMngZZO+hGjOhSQGIYIDPwb28dgLFGQo1ADP7TWUtSkqYQ6LT
m3jiUKLqwYRmwEN9vKrfZo9HTqMTtsNPzxqCoX3/3V/XNYFI8WMÖk/
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 144 files
Ubuntu 111 files
Debian 18 files
Rafael Pedrero 11 files
LiquidWorm 10 files
Google Security Research 10 files
Apple 9 files
Abdulhakim Oner 8 files
nu11secur1ty 8 files
Hubert Wojciechowski 6 files

File Archives

Systems

AIX (426)
Apple (1,960)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,714)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (340)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,130)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,923)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,448)
UNIX (9,208)
UnixWare (185)
Windows (6,532)
Other

Debian Security Advisory 5366-1

Debian Security Advisory 5366-1

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5366-1

Share This

Debian Security Advisory 5366-1

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems