Bug#1022742: multipath-tools: CVE-2022-41973 CVE-2022-41974

Mon, 24 Oct 2022 13:21:16 -0700 

Source: multipath-tools
Version: 0.9.0-4
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.7.9-3

Hi,

The following vulnerabilities were published for multipath-tools.

CVE-2022-41973[0]:
| Symlink attack

CVE-2022-41974[1]:
| Authorization bypass

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-41973
    https://www.cve.org/CVERecord?id=CVE-2022-41973
[1] https://security-tracker.debian.org/tracker/CVE-2022-41974
    https://www.cve.org/CVERecord?id=CVE-2022-41974
[2] https://www.openwall.com/lists/oss-security/2022/10/24/2

Regards,
Salvatore

Reply via email to