What is the severity of REDHAT-BUG-2138959?

The severity of REDHAT-BUG-2138959 is categorized as moderate due to the potential impact on system integrity.

How do I fix REDHAT-BUG-2138959?

To fix REDHAT-BUG-2138959, update your Red Hat Enterprise Linux to the latest version available for your release.

Which versions of Red Hat Enterprise Linux are affected by REDHAT-BUG-2138959?

Red Hat Enterprise Linux 8 up to 8.7 and Red Hat Enterprise Linux 9 up to 9.1 are affected by REDHAT-BUG-2138959.

Is there a workaround for REDHAT-BUG-2138959?

No specific workaround is provided for REDHAT-BUG-2138959, so patching is recommended.

What is CVE-2022-41974 in relation to REDHAT-BUG-2138959?

CVE-2022-41974 is the specific vulnerability that REDHAT-BUG-2138959 addresses, impacting device-mapper-multipath.

Vulnerability/
REDHAT-BUG-2138959

high

31/10/2022

7/12/2023

REDHAT-BUG-2138959

First published: Mon Oct 31 2022(Updated: )

The device-mapper-multipath flaw <a href="https://access.redhat.com/security/cve/CVE-2022-41974">CVE-2022-41974</a> (<a class="bz_bug_link bz_status_CLOSED bz_closed bz_public " title="CLOSED ERRATA - CVE-2022-41974 device-mapper-multipath: Authorization bypass, multipathd daemon listens for client connections on an abstract Unix socket" href="show_bug.cgi?id=2133988">bug 2133988</a>) was addressed in Red Hat Enterprise Linux 8 via erratum RHSA-2022:7192 and in Red Hat Enterprise Linux 9 via erratum RHSA-2022:7185, released on Oct 25, 2022: <a href="https://access.redhat.com/errata/RHSA-2022:7192">https://access.redhat.com/errata/RHSA-2022:7192</a> <a href="https://access.redhat.com/errata/RHSA-2022:7185">https://access.redhat.com/errata/RHSA-2022:7185</a> However, the fix for this issue was not included in the device-mapper-multipath updates released as part of Red Hat Enterprise Linux 8.7 (RHBA-2022:7714) and 9.1 (RHBA-2022:8313), causing a security regression of previously released fix. A new CVE id <a href="https://access.redhat.com/security/cve/CVE-2022-3787">CVE-2022-3787</a> was assigned for this security regression. Note that this issue and CVE id is specific to the device-mapper-multipath packages as shipped with Red Hat Enterprise Linux and is not applicable to any upstream device-mapper-multipath version or device-mapper-multipath packages of any other vendor that are not directly based on Red Hat Enterprise Linux packages. For more information about the original flaw, refer to the CVE page or bug linked above.

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux	<8.7
Red Hat Enterprise Linux	<9.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2138959?
The severity of REDHAT-BUG-2138959 is categorized as moderate due to the potential impact on system integrity.
How do I fix REDHAT-BUG-2138959?
To fix REDHAT-BUG-2138959, update your Red Hat Enterprise Linux to the latest version available for your release.
Which versions of Red Hat Enterprise Linux are affected by REDHAT-BUG-2138959?
Red Hat Enterprise Linux 8 up to 8.7 and Red Hat Enterprise Linux 9 up to 9.1 are affected by REDHAT-BUG-2138959.
Is there a workaround for REDHAT-BUG-2138959?
No specific workaround is provided for REDHAT-BUG-2138959, so patching is recommended.
What is CVE-2022-41974 in relation to REDHAT-BUG-2138959?
CVE-2022-41974 is the specific vulnerability that REDHAT-BUG-2138959 addresses, impacting device-mapper-multipath.

agent/type
agent/last-modified-date
agent/first-publish-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2022-3787
agent/event
agent/references
agent/severity
agent/description
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/red hat
canonical/red hat enterprise linux

Frequently Asked Questions

What is the severity of REDHAT-BUG-2138959?
The severity of REDHAT-BUG-2138959 is categorized as moderate due to the potential impact on system integrity.
How do I fix REDHAT-BUG-2138959?
To fix REDHAT-BUG-2138959, update your Red Hat Enterprise Linux to the latest version available for your release.
Which versions of Red Hat Enterprise Linux are affected by REDHAT-BUG-2138959?
Red Hat Enterprise Linux 8 up to 8.7 and Red Hat Enterprise Linux 9 up to 9.1 are affected by REDHAT-BUG-2138959.
Is there a workaround for REDHAT-BUG-2138959?
No specific workaround is provided for REDHAT-BUG-2138959, so patching is recommended.
What is CVE-2022-41974 in relation to REDHAT-BUG-2138959?
CVE-2022-41974 is the specific vulnerability that REDHAT-BUG-2138959 addresses, impacting device-mapper-multipath.

REDHAT-BUG-2138959

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-2138959?

How do I fix REDHAT-BUG-2138959?

Which versions of Red Hat Enterprise Linux are affected by REDHAT-BUG-2138959?

Is there a workaround for REDHAT-BUG-2138959?

What is CVE-2022-41974 in relation to REDHAT-BUG-2138959?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of REDHAT-BUG-2138959?

How do I fix REDHAT-BUG-2138959?

Which versions of Red Hat Enterprise Linux are affected by REDHAT-BUG-2138959?

Is there a workaround for REDHAT-BUG-2138959?

What is CVE-2022-41974 in relation to REDHAT-BUG-2138959?