Ubuntu 22.10: USN-5731-1 Critical: Multipath-Tools Access Control Issues
ubuntu
November 17, 2022
Several security issues were fixed in multipath-tools.
Summary
Several security issues were fixed in multipath-tools.
Software Description:
- multipath-tools: maintain multipath block device access
Details:
It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)
It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: multipath-tools 0.8.8-1ubuntu1.22.10.1 Ubuntu 22.04 LTS: multipath-tools 0.8.8-1ubuntu1.22.04.1 Ubuntu 20.04 LTS: multipath-tools 0.8.3-1ubuntu2.1 Ubuntu 18.04 LTS: multipath-tools 0.7.4-2ubuntu3.2 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-5731-1
CVE-2022-41973, CVE-2022-41974
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
November 17, 2022
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!