[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[linux-lvm] lvm2-cluster (clvmd) security fix (Moderate)



I have released version 2.02.72 of LVM2 today to address a security problem.

  ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz
  ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz.asc

If you are running clvmd on a machine where you also have non-root users
you should seriously consider applying the patch,   The problem has been
in the code base since 2004.  LVM2 on its own is not vulnerable to this
problem.

Vendors were notified last week.

Red Hat's Security Advisories are here:

   https://rhn.redhat.com/errata/RHSA-2010-0567.html
   https://rhn.redhat.com/errata/RHSA-2010-0568.html

Fuller details are in the Red Hat Bugzilla:
   https://bugzilla.redhat.com/CVE-2010-2526

The essential part of the patch is attached there and it should apply to
older releases too.

Alasdair
-- 
agk redhat com

Attachment: pgptehU1HbuQP.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]