Overview

File _patchinfo of Package patchinfo.25421

<patchinfo incident="25421">
  <issue tracker="bnc" id="1201483">upstream fixes for multipath-tools 0.9.0</issue>
  <issue tracker="bnc" id="1199347">multipath-tools: delayed delivery of uevents</issue>
  <issue tracker="bnc" id="1199345">multipath-tools: limit number of hanging TUR threads</issue>
  <issue tracker="bnc" id="1202616">GPL 2.0 / 3.0 license conflict in multipath-tools</issue>
  <issue tracker="bnc" id="1199346">multipathd signals successful startup too early to systemd</issue>
  <issue tracker="bnc" id="1197570">SLES 15 SP3 - UUID= in fstab for multipath partition results in emergency shell on boot, where root-fs does not use multipath (multipath-tools) [regression] (L3:)</issue>
  <issue tracker="bnc" id="1199342">multipath-tools: busy loop in multipathd with delayed_reconfigure</issue>
  <issue tracker="bnc" id="1202739">VUL-0: CVE-2022-41973 CVE-2022-41974: multipath-tools: multipathd: authorization bypass and symlink attack</issue>
  <issue tracker="cve" id="2022-41973"/>
  <issue tracker="cve" id="2022-41974"/>
  <packager>mwilck</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for multipath-tools</summary>
  <description>This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- libmultipath: fix find_multipaths_timeout for unknown hardware (bsc#1201483)
- multipath-tools: fix "multipath -ll" for Native NVME Multipath devices (bsc#1201483)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1199346, bsc#1197570)
- multipathd: avoid delays during uevent processing (bsc#1199347)
- multipathd: Don't keep starting TUR threads, if they always hang. (bsc#1199345)
- Fix busy loop with delayed_reconfigure (bsc#1199342)
- multipath.conf: add support for "protocol" subsection in
"overrides" section to set certain config options by protocol.
- Removed the previously deprecated options getuid_callout, config_dir, multipath_dir, pg_timeout
- Add disclaimer about vendor support
- Change built-in defaults for NVMe: group by prio, and immediate failback
- Fixes for minor issues reported by coverity
- Fix for memory leak with uid_attrs
- Updates for built in hardware db
- Logging improvements
- multipathd: use remove_map_callback for delayed reconfigure
- Fix handling of path addition in read-only arrays on NVMe
- Updates of built-in hardware database
- libmultipath: only warn once about unsupported dev_loss_tmo
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places