lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OscJh-0006gC-Mg@titan.mandriva.com>
Date: Mon, 06 Sep 2010 16:05:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:171 ] lvm2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:171
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : lvm2
 Date    : September 6, 2010
 Affected: 2009.1, 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in lvm2:
 
 The cluster logical volume manager daemon (clvmd) in lvm2-cluster
 in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)
 and other products, does not verify client credentials upon a socket
 connection, which allows local users to cause a denial of service
 (daemon exit or logical-volume change) or possibly have unspecified
 other impact via crafted control commands (CVE-2010-2526).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2526
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 11ac47baa0dffc858deae4847afc95bc  2009.1/i586/clvmd-2.02.33-8.1mnb2.i586.rpm
 3e28f4c39a97f96dff14ea07e63c0375  2009.1/i586/lvm2-2.02.33-8.1mnb2.i586.rpm 
 1473d81d8d69eecfffeba569d6a524ab  2009.1/SRPMS/lvm2-2.02.33-8.1mnb2.src.rpm

 Mandriva Linux 2009.1/X86_64:
 f3c07dc0fa38749ea2be8b8a334e08c7  2009.1/x86_64/clvmd-2.02.33-8.1mnb2.x86_64.rpm
 18f0a933f3236c38a7b2f0c8fdfb0516  2009.1/x86_64/lvm2-2.02.33-8.1mnb2.x86_64.rpm 
 1473d81d8d69eecfffeba569d6a524ab  2009.1/SRPMS/lvm2-2.02.33-8.1mnb2.src.rpm

 Mandriva Linux 2010.0:
 28d2ca049d8736523166f7c99730550d  2010.0/i586/clvmd-2.02.53-9.2mnb2.i586.rpm
 e6456c6b7f8b64bb9579cd485fd1883c  2010.0/i586/dmsetup-1.02.38-9.2mnb2.i586.rpm
 f44de286bd97799df0633639605f9a7b  2010.0/i586/libdevmapper1.02-1.02.38-9.2mnb2.i586.rpm
 9b497f111670636f1dfc9fd3d0635b63  2010.0/i586/libdevmapper-devel-1.02.38-9.2mnb2.i586.rpm
 dc1d8288bc99b1a1e18508d6a0edb595  2010.0/i586/libdevmapper-event1.02-1.02.38-9.2mnb2.i586.rpm
 9b01ee505c3a4949fa0f161c03280b83  2010.0/i586/libdevmapper-event-devel-1.02.38-9.2mnb2.i586.rpm
 61cfd88b9c6789d37fdaf4f6254116ff  2010.0/i586/liblvm2cmd2.02-2.02.53-9.2mnb2.i586.rpm
 929d5d33f66502a078cd8212e1b537b1  2010.0/i586/liblvm2cmd-devel-2.02.53-9.2mnb2.i586.rpm
 b17cbac08c61dce99597e6dbb6702045  2010.0/i586/lvm2-2.02.53-9.2mnb2.i586.rpm 
 27e1f390f03910f521d6c9248fd28cfb  2010.0/SRPMS/lvm2-2.02.53-9.2mnb2.src.rpm

 Mandriva Linux 2010.0/X86_64:
 3bf5a13a5e066af39062bdaa7a4e6d87  2010.0/x86_64/clvmd-2.02.53-9.2mnb2.x86_64.rpm
 aa1f570c9a929aee83dd9547ae905468  2010.0/x86_64/dmsetup-1.02.38-9.2mnb2.x86_64.rpm
 81f077f42936ec8be557105a220a149b  2010.0/x86_64/lib64devmapper1.02-1.02.38-9.2mnb2.x86_64.rpm
 e90c54801d5d3e201d68731e2cbc4dc5  2010.0/x86_64/lib64devmapper-devel-1.02.38-9.2mnb2.x86_64.rpm
 56d2c5cd25dfef94a15568c420743fea  2010.0/x86_64/lib64devmapper-event1.02-1.02.38-9.2mnb2.x86_64.rpm
 4cff5d26f20d11a57a7dffe7fb3421a8  2010.0/x86_64/lib64devmapper-event-devel-1.02.38-9.2mnb2.x86_64.rpm
 40f4f8aa95abd23c8640e5cf22031b02  2010.0/x86_64/lib64lvm2cmd2.02-2.02.53-9.2mnb2.x86_64.rpm
 a87f6ecae4c05b5ced933cb3468ed499  2010.0/x86_64/lib64lvm2cmd-devel-2.02.53-9.2mnb2.x86_64.rpm
 96c9b9781d1168c90a557cc583930a7e  2010.0/x86_64/lvm2-2.02.53-9.2mnb2.x86_64.rpm 
 27e1f390f03910f521d6c9248fd28cfb  2010.0/SRPMS/lvm2-2.02.53-9.2mnb2.src.rpm

 Mandriva Linux 2010.1:
 48f74df7e0156e45f230429aa41cea7a  2010.1/i586/clvmd-2.02.61-5.1mnb2.i586.rpm
 a5fa92bb7251a9f9b9a651a9d681c470  2010.1/i586/cmirror-2.02.61-5.1mnb2.i586.rpm
 c7281a45862b7460be4b9623165cc591  2010.1/i586/dmsetup-1.02.44-5.1mnb2.i586.rpm
 98c4f715edc57a2a81631cb2ab9a824b  2010.1/i586/libdevmapper1.02-1.02.44-5.1mnb2.i586.rpm
 e5b0271e14e85ad94cb3e746960993b1  2010.1/i586/libdevmapper-devel-1.02.44-5.1mnb2.i586.rpm
 2b83f2c3a303604e42868b074364b017  2010.1/i586/libdevmapper-event1.02-1.02.44-5.1mnb2.i586.rpm
 aef97aaed0fd616df5a046d9b05f55e2  2010.1/i586/libdevmapper-event-devel-1.02.44-5.1mnb2.i586.rpm
 1ed885e2a23ca5f9bdaa5796615feeea  2010.1/i586/liblvm2app2.1-2.02.61-5.1mnb2.i586.rpm
 9a62cea841692f4a744019664cb6b959  2010.1/i586/liblvm2cmd2.02-2.02.61-5.1mnb2.i586.rpm
 a1bc253b7a92b6c7b1ac96e7e2521ee3  2010.1/i586/liblvm2cmd-devel-2.02.61-5.1mnb2.i586.rpm
 972c3885883f95b793e4dfaa46121685  2010.1/i586/liblvm2-devel-2.02.61-5.1mnb2.i586.rpm
 08190534acaa182f48f8c2aca8b3ad31  2010.1/i586/lvm2-2.02.61-5.1mnb2.i586.rpm 
 3de3e283a5907efe36b7f5b9038c32a2  2010.1/SRPMS/lvm2-2.02.61-5.1mnb2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 3c33074b320e7b7651b9872674bce70b  2010.1/x86_64/clvmd-2.02.61-5.1mnb2.x86_64.rpm
 e0bcdee0b2f4e725bfd17b35a9959aa0  2010.1/x86_64/cmirror-2.02.61-5.1mnb2.x86_64.rpm
 47c54c45f3f00ae9fe0f9176623739ac  2010.1/x86_64/dmsetup-1.02.44-5.1mnb2.x86_64.rpm
 0b25f189581132d3d0bcf736f66ae4c9  2010.1/x86_64/lib64devmapper1.02-1.02.44-5.1mnb2.x86_64.rpm
 d3b6a286c01ed42a08301f5425d5e13b  2010.1/x86_64/lib64devmapper-devel-1.02.44-5.1mnb2.x86_64.rpm
 7f0596865ef0a8baec758a106a030749  2010.1/x86_64/lib64devmapper-event1.02-1.02.44-5.1mnb2.x86_64.rpm
 9346f3ad1ce7d7b9cb68ab77adf1d809  2010.1/x86_64/lib64devmapper-event-devel-1.02.44-5.1mnb2.x86_64.rpm
 4c70fc76e4330e61d8b013e5f5396349  2010.1/x86_64/lib64lvm2app2.1-2.02.61-5.1mnb2.x86_64.rpm
 248c9c277bd694c1c5f239f2f8dcb983  2010.1/x86_64/lib64lvm2cmd2.02-2.02.61-5.1mnb2.x86_64.rpm
 edd014cb4cd0a637ca2e6038d6473958  2010.1/x86_64/lib64lvm2cmd-devel-2.02.61-5.1mnb2.x86_64.rpm
 5a5db48748ff8e3ad9c6fcfbab003013  2010.1/x86_64/lib64lvm2-devel-2.02.61-5.1mnb2.x86_64.rpm
 8ba0060f839c48eda20db9299933f527  2010.1/x86_64/lvm2-2.02.61-5.1mnb2.x86_64.rpm 
 3de3e283a5907efe36b7f5b9038c32a2  2010.1/SRPMS/lvm2-2.02.61-5.1mnb2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMhMgBmqjQ0CJFipgRAoeBAKCwND3HDmabTzsVVnJJB9Tq6+imGQCgqRAE
DFyM1mq7f33nL+kHFr1LlBo=
=zRsP
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ