multipath-tools 0.8.8-1ubuntu1.22.10.1 source package in Ubuntu


multipath-tools (0.8.8-1ubuntu1.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: symlink attack
    - debian/patches/CVE-2022-41973.patch: use /run instead of /dev/shm in
      .gitignore,, libmultipath/defaults.h,
      multipath/Makefile, multipath/,
    - debian/multipath-tools.install: install tmpfiles.d/multipath.conf.
    - debian/rules: copy udev rule after build.
    - CVE-2022-41973
  * SECURITY UPDATE: authorization bypass
    - debian/patches/CVE-2022-41974-pre1.patch: fix command completion in
      interactive mode in multipathd/callbacks.c, multipathd/cli.c,
      multipathd/cli_handlers.c, multipathd/main.c.
    - debian/patches/CVE-2022-41974.patch: more robust command parsing in
      multipathd/callbacks.c, multipathd/cli.c, multipathd/cli.h,
      multipathd/cli_handlers.c, multipathd/uxlsnr.c.
    - debian/patches/CVE-2022-41974-2.patch: fix command completion with
      robust parser in multipathd/cli.c, multipathd/cli.h,
    - debian/patches/CVE-2022-41974-3.patch: add test for command parsing
      in, tests/Makefile, tests/cli.c, multipathd/cli.h,
    - debian/patches/CVE-2022-41974-4.patch: fix memory leak handling
      invalid commands in multipathd/uxlsnr.c.
    - CVE-2022-41974

 -- Marc Deslauriers <email address hidden>  Fri, 28 Oct 2022 14:43:41 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Original maintainer:
Ubuntu Developers
linux-any all
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Kinetic updates main admin
Kinetic security main admin


File Size SHA-256 Checksum
multipath-tools_0.8.8.orig.tar.gz 515.1 KiB ff45ddb18a1effbfbe5712f513dd3b7146c68141091fc1c2489af8d6197026ef
multipath-tools_0.8.8-1ubuntu1.22.10.1.debian.tar.xz 58.6 KiB 901b23e8047ed7f119aa49e3ec3025dd20283d60e8f0ae0e99466d8001ee407e
multipath-tools_0.8.8-1ubuntu1.22.10.1.dsc 2.7 KiB 5ed5804812dbfd660ac781a9b34c71e91a5fe9cd97e7cf3f6f34446b7f0f9bb3

View changes file

Binary packages built by this source

kpartx: create device mappings for partitions

 Kpartx can be used to set up device mappings for the partitions of any
 partitioned block device.
 It is part of the Linux multipath-tools, but is useful on any
 device-mapper using system.

kpartx-boot: Provides kpartx during boot

 This package makes kpartx available during boot to activate partitions

kpartx-dbgsym: debug symbols for kpartx
multipath-tools: maintain multipath block device access

 These tools are in charge of maintaining the disk multipath device maps and
 react to path and map events.
 If you install this package you may have to change the way you address block
 devices. See README.Debian for details.

multipath-tools-boot: Support booting from multipath devices

 This package contains the necessary support for booting from a multipath
  * copy over multipath.conf and persistent bindings if necessary
  * load the necessary kernel modules
  * detect multipath block devices
 Don't install this package if you're not booting from a multipath device.

multipath-tools-dbgsym: debug symbols for multipath-tools