{"affected":[{"ecosystem_specific":{"binaries":[{"kpartx":"0.9.0+62+suse.3e048d4-150400.4.7.1","libmpath0":"0.9.0+62+suse.3e048d4-150400.4.7.1","multipath-tools":"0.9.0+62+suse.3e048d4-150400.4.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.3","name":"multipath-tools","purl":"pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Micro%205.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0+62+suse.3e048d4-150400.4.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kpartx":"0.9.0+62+suse.3e048d4-150400.4.7.1","libdmmp-devel":"0.9.0+62+suse.3e048d4-150400.4.7.1","libdmmp0_2_0":"0.9.0+62+suse.3e048d4-150400.4.7.1","libmpath0":"0.9.0+62+suse.3e048d4-150400.4.7.1","multipath-tools":"0.9.0+62+suse.3e048d4-150400.4.7.1","multipath-tools-devel":"0.9.0+62+suse.3e048d4-150400.4.7.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"multipath-tools","purl":"pkg:rpm/suse/multipath-tools&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0+62+suse.3e048d4-150400.4.7.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kpartx":"0.9.0+62+suse.3e048d4-150400.4.7.1","libdmmp-devel":"0.9.0+62+suse.3e048d4-150400.4.7.1","libdmmp0_2_0":"0.9.0+62+suse.3e048d4-150400.4.7.1","libmpath0":"0.9.0+62+suse.3e048d4-150400.4.7.1","multipath-tools":"0.9.0+62+suse.3e048d4-150400.4.7.1","multipath-tools-devel":"0.9.0+62+suse.3e048d4-150400.4.7.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"multipath-tools","purl":"pkg:rpm/opensuse/multipath-tools&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0+62+suse.3e048d4-150400.4.7.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for multipath-tools fixes the following issues:\n\n- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)\n- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)\n- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)\n- libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)\n- multipath-tools: fix 'multipath -ll' for Native NVME Multipath devices (bsc#1201483)\n- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)\n- multipathd: avoid delays during uevent processing (bsc#1199347)\n- multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)\n- Fix busy loop with delayed_reconfigure (bsc#1199342)\n- multipath.conf: add support for 'protocol' subsection in\n'overrides' section to set certain config options by protocol.\n- Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout\n- Add disclaimer about vendor support\n- Change built-in defaults for NVMe: group by prio, and immediate failback\n- Fixes for minor issues reported by coverity\n- Fix for memory leak with uid_attrs\n- Updates for built in hardware db\n- Logging improvements\n- multipathd: use remove_map_callback for delayed reconfigure\n- Fix handling of path addition in read-only arrays on NVMe\n- Updates of built-in hardware database\n- libmultipath: only warn once about unsupported dev_loss_tmo\n","id":"SUSE-SU-2022:3711-1","modified":"2022-10-24T14:23:58Z","published":"2022-10-24T14:23:58Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223711-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197570"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199342"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199345"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199346"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199347"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201483"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202616"},{"type":"REPORT","url":"https://bugzilla.suse.com/1202739"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41973"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41974"}],"related":["CVE-2022-41973","CVE-2022-41974"],"summary":"Security update for multipath-tools","upstream":["CVE-2022-41973","CVE-2022-41974"]}