* [linux-lvm] lvm2-cluster (clvmd) security fix (Moderate)
@ 2010-07-28 16:41 Alasdair G Kergon
0 siblings, 0 replies; only message in thread
From: Alasdair G Kergon @ 2010-07-28 16:41 UTC (permalink / raw)
To: linux-lvm, linux-cluster
[-- Attachment #1: Type: text/plain, Size: 837 bytes --]
I have released version 2.02.72 of LVM2 today to address a security problem.
ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz
ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz.asc
If you are running clvmd on a machine where you also have non-root users
you should seriously consider applying the patch, The problem has been
in the code base since 2004. LVM2 on its own is not vulnerable to this
problem.
Vendors were notified last week.
Red Hat's Security Advisories are here:
https://rhn.redhat.com/errata/RHSA-2010-0567.html
https://rhn.redhat.com/errata/RHSA-2010-0568.html
Fuller details are in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526
The essential part of the patch is attached there and it should apply to
older releases too.
Alasdair
--
agk@redhat.com
[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2010-07-28 16:41 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-07-28 16:41 [linux-lvm] lvm2-cluster (clvmd) security fix (Moderate) Alasdair G Kergon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).