From: glsamaker@gentoo.org
To: gentoo-announce@lists.gentoo.org
Reply-To: security@gentoo.org
Subject: [gentoo-announce] [ GLSA 202311-06 ] multipath-tools: Multiple Vulnerabilities
Date: Sat, 25 Nov 2023 08:14:16 -0000
Message-ID: <170090005624.7.14014579965918647716@eaa400207d9c>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202311-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: multipath-tools: Multiple Vulnerabilities
     Date: November 25, 2023
     Bugs: #878763
       ID: 202311-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in multipath-tools, the
worst of which can lead to root privilege escalation.

Background
==========

multipath-tools are used to drive the Device Mapper multipathing driver.

Affected packages
=================

Package                 Vulnerable    Unaffected
----------------------  ------------  ------------
sys-fs/multipath-tools  < 0.9.3       >= 0.9.3

Description
===========

Multiple vulnerabilities have been discovered in multipath-tools. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All multipath-tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/multipath-tools-0.9.3"

References
==========

[ 1 ] CVE-2022-41973
      https://nvd.nist.gov/vuln/detail/CVE-2022-41973
[ 2 ] CVE-2022-41974
      https://nvd.nist.gov/vuln/detail/CVE-2022-41974

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202311-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us.
Any security concerns should be addressed to security@gentoo.org or
alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its
owner(s).

The contents of this document are licensed under the Creative Commons -
Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
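
The affected range from the "Affected packages" table (< 0.9.3) applied to a host inventory, as an added example that is not part of the original advisory or of Gentoo's tooling. The inventory format and host names are constructed, and version ordering is simplified to GNU sort -V with the -rN revision suffix dropped.

```shell
#!/bin/sh
# Added example: triage a host inventory against GLSA 202311-06
# (package sys-fs/multipath-tools).
FIXED="0.9.3"   # first unaffected version, from the advisory's table

# Classify one installed version of the package.
# Simplification (assumption): a Gentoo revision suffix such as -r1 is dropped
# and the remainder is ordered with GNU `sort -V`; _rc/_pre/_p suffixes are
# not modelled.
glsa_status() {
    ver=${1%-r[0-9]*}
    if [ -z "$ver" ] || [ "$ver" = "-" ]; then
        echo "not-installed"
        return 0
    fi
    if [ "$ver" = "$FIXED" ]; then
        echo "unaffected"
        return 0
    fi
    # The lower of the two versions sorts first; if that is the installed
    # one, it is below the fixed release.
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$ver" ]; then
        echo "vulnerable"
    else
        echo "unaffected"
    fi
}

# Read "host version" lines on stdin; print the hosts that still need the upgrade.
hosts_to_upgrade() {
    while read -r host ver; do
        [ -n "$host" ] || continue
        if [ "$(glsa_status "$ver")" = "vulnerable" ]; then
            echo "$host"
        fi
    done
}

# Constructed inventory (hypothetical host names): host, installed version,
# with "-" meaning the package is not installed.
INVENTORY='san-01 0.9.2-r1
san-02 0.9.3
san-03 0.8.9
san-04 0.10.0
build-01 -'

printf '%s\n' "$INVENTORY" | hosts_to_upgrade
```
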