Overview

File _patchinfo of Package patchinfo.25758

<patchinfo incident="25758">
  <issue tracker="bnc" id="1191900">SLES 15 SP3 - Running multipath -T produces an RC of -1 even when the command executes successfully and the output shows no error</issue>
  <issue tracker="bnc" id="1195506">Paths not transitioning to marginal state upon receiving FPIN-LI event from switch</issue>
  <issue tracker="bnc" id="1197570">SLES 15 SP3 - UUID= in fstab for multipath partition results in emergency shell on boot, where root-fs does not use multipath (multipath-tools) [regression] (L3:)</issue>
  <issue tracker="bnc" id="1202616">GPL 2.0 / 3.0 license conflict in multipath-tools</issue>
  <issue tracker="bnc" id="1189551">multipath reconfigure runs in the background and take too long</issue>
  <issue tracker="jsc" id="PED-1448">Add Support of the path state for link integrity events</issue>
  <issue tracker="bnc" id="1202739">VUL-0: CVE-2022-41973 CVE-2022-41974: multipath-tools: multipathd: authorization bypass and symlink attack</issue>
  <issue tracker="cve" id="2022-41973"/>
  <issue tracker="cve" id="2022-41974"/>
  <packager>mwilck</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for multipath-tools</summary>
  <description>This update for multipath-tools fixes the following issues:

- CVE-2022-41973: Fixed a symlink attack in multipathd. (bsc#1202739)
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. (bsc#1202739)
    
- multipathd: add "force_reconfigure" option (bsc#1189551)
    The command "multipathd -kreconfigure" changes behavior: instead
    of reloading every map, it checks map configuration and reloads
    only modified maps. This speeds up the reconfigure operation 
    substantially. The old behavior can be reinstated by setting
    "force_reconfigure yes" in multipath.conf (not recommended).
    Note: "force_reconfigure yes" is not supported in SLE15-SP4 and
    beyond, which provide the command "multipathd -k'reconfigure all'"

- multipathd: avoid stalled clients during reconfigure (bsc#1189551)
- multipathd: handle client disconnect correctly (bsc#1189551)
- Avoid linking to libreadline to avoid licensing issue (bsc#1202616)
- multipathd: don't switch to DAEMON_IDLE during startup (bsc#1197570)
- multipathd: disallow changing to/from fpin marginal paths on reconfig
- multipathd handle fpin events (bsc#1195506,jsc#PED-1448)
- multipath: fix exit status of multipath -T (bsc#1191900)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places