[linux-lvm] lvm2-cluster (clvmd) security fix (Moderate)
Alasdair G Kergon
agk at redhat.com
Wed Jul 28 16:41:12 UTC 2010
I have released version 2.02.72 of LVM2 today to address a security problem.
ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz
ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz.asc
If you are running clvmd on a machine where you also have non-root users
you should seriously consider applying the patch, The problem has been
in the code base since 2004. LVM2 on its own is not vulnerable to this
problem.
Vendors were notified last week.
Red Hat's Security Advisories are here:
https://rhn.redhat.com/errata/RHSA-2010-0567.html
https://rhn.redhat.com/errata/RHSA-2010-0568.html
Fuller details are in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526
The essential part of the patch is attached there and it should apply to
older releases too.
Alasdair
--
agk at redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-lvm/attachments/20100728/f939fb45/attachment.sig>
More information about the linux-lvm
mailing list