[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OscJh-0006gC-Mg@titan.mandriva.com>
Date: Mon, 06 Sep 2010 16:05:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:171 ] lvm2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:171
http://www.mandriva.com/security/
_______________________________________________________________________
Package : lvm2
Date : September 6, 2010
Affected: 2009.1, 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in lvm2:
The cluster logical volume manager daemon (clvmd) in lvm2-cluster
in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS)
and other products, does not verify client credentials upon a socket
connection, which allows local users to cause a denial of service
(daemon exit or logical-volume change) or possibly have unspecified
other impact via crafted control commands (CVE-2010-2526).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2526
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.1:
11ac47baa0dffc858deae4847afc95bc 2009.1/i586/clvmd-2.02.33-8.1mnb2.i586.rpm
3e28f4c39a97f96dff14ea07e63c0375 2009.1/i586/lvm2-2.02.33-8.1mnb2.i586.rpm
1473d81d8d69eecfffeba569d6a524ab 2009.1/SRPMS/lvm2-2.02.33-8.1mnb2.src.rpm
Mandriva Linux 2009.1/X86_64:
f3c07dc0fa38749ea2be8b8a334e08c7 2009.1/x86_64/clvmd-2.02.33-8.1mnb2.x86_64.rpm
18f0a933f3236c38a7b2f0c8fdfb0516 2009.1/x86_64/lvm2-2.02.33-8.1mnb2.x86_64.rpm
1473d81d8d69eecfffeba569d6a524ab 2009.1/SRPMS/lvm2-2.02.33-8.1mnb2.src.rpm
Mandriva Linux 2010.0:
28d2ca049d8736523166f7c99730550d 2010.0/i586/clvmd-2.02.53-9.2mnb2.i586.rpm
e6456c6b7f8b64bb9579cd485fd1883c 2010.0/i586/dmsetup-1.02.38-9.2mnb2.i586.rpm
f44de286bd97799df0633639605f9a7b 2010.0/i586/libdevmapper1.02-1.02.38-9.2mnb2.i586.rpm
9b497f111670636f1dfc9fd3d0635b63 2010.0/i586/libdevmapper-devel-1.02.38-9.2mnb2.i586.rpm
dc1d8288bc99b1a1e18508d6a0edb595 2010.0/i586/libdevmapper-event1.02-1.02.38-9.2mnb2.i586.rpm
9b01ee505c3a4949fa0f161c03280b83 2010.0/i586/libdevmapper-event-devel-1.02.38-9.2mnb2.i586.rpm
61cfd88b9c6789d37fdaf4f6254116ff 2010.0/i586/liblvm2cmd2.02-2.02.53-9.2mnb2.i586.rpm
929d5d33f66502a078cd8212e1b537b1 2010.0/i586/liblvm2cmd-devel-2.02.53-9.2mnb2.i586.rpm
b17cbac08c61dce99597e6dbb6702045 2010.0/i586/lvm2-2.02.53-9.2mnb2.i586.rpm
27e1f390f03910f521d6c9248fd28cfb 2010.0/SRPMS/lvm2-2.02.53-9.2mnb2.src.rpm
Mandriva Linux 2010.0/X86_64:
3bf5a13a5e066af39062bdaa7a4e6d87 2010.0/x86_64/clvmd-2.02.53-9.2mnb2.x86_64.rpm
aa1f570c9a929aee83dd9547ae905468 2010.0/x86_64/dmsetup-1.02.38-9.2mnb2.x86_64.rpm
81f077f42936ec8be557105a220a149b 2010.0/x86_64/lib64devmapper1.02-1.02.38-9.2mnb2.x86_64.rpm
e90c54801d5d3e201d68731e2cbc4dc5 2010.0/x86_64/lib64devmapper-devel-1.02.38-9.2mnb2.x86_64.rpm
56d2c5cd25dfef94a15568c420743fea 2010.0/x86_64/lib64devmapper-event1.02-1.02.38-9.2mnb2.x86_64.rpm
4cff5d26f20d11a57a7dffe7fb3421a8 2010.0/x86_64/lib64devmapper-event-devel-1.02.38-9.2mnb2.x86_64.rpm
40f4f8aa95abd23c8640e5cf22031b02 2010.0/x86_64/lib64lvm2cmd2.02-2.02.53-9.2mnb2.x86_64.rpm
a87f6ecae4c05b5ced933cb3468ed499 2010.0/x86_64/lib64lvm2cmd-devel-2.02.53-9.2mnb2.x86_64.rpm
96c9b9781d1168c90a557cc583930a7e 2010.0/x86_64/lvm2-2.02.53-9.2mnb2.x86_64.rpm
27e1f390f03910f521d6c9248fd28cfb 2010.0/SRPMS/lvm2-2.02.53-9.2mnb2.src.rpm
Mandriva Linux 2010.1:
48f74df7e0156e45f230429aa41cea7a 2010.1/i586/clvmd-2.02.61-5.1mnb2.i586.rpm
a5fa92bb7251a9f9b9a651a9d681c470 2010.1/i586/cmirror-2.02.61-5.1mnb2.i586.rpm
c7281a45862b7460be4b9623165cc591 2010.1/i586/dmsetup-1.02.44-5.1mnb2.i586.rpm
98c4f715edc57a2a81631cb2ab9a824b 2010.1/i586/libdevmapper1.02-1.02.44-5.1mnb2.i586.rpm
e5b0271e14e85ad94cb3e746960993b1 2010.1/i586/libdevmapper-devel-1.02.44-5.1mnb2.i586.rpm
2b83f2c3a303604e42868b074364b017 2010.1/i586/libdevmapper-event1.02-1.02.44-5.1mnb2.i586.rpm
aef97aaed0fd616df5a046d9b05f55e2 2010.1/i586/libdevmapper-event-devel-1.02.44-5.1mnb2.i586.rpm
1ed885e2a23ca5f9bdaa5796615feeea 2010.1/i586/liblvm2app2.1-2.02.61-5.1mnb2.i586.rpm
9a62cea841692f4a744019664cb6b959 2010.1/i586/liblvm2cmd2.02-2.02.61-5.1mnb2.i586.rpm
a1bc253b7a92b6c7b1ac96e7e2521ee3 2010.1/i586/liblvm2cmd-devel-2.02.61-5.1mnb2.i586.rpm
972c3885883f95b793e4dfaa46121685 2010.1/i586/liblvm2-devel-2.02.61-5.1mnb2.i586.rpm
08190534acaa182f48f8c2aca8b3ad31 2010.1/i586/lvm2-2.02.61-5.1mnb2.i586.rpm
3de3e283a5907efe36b7f5b9038c32a2 2010.1/SRPMS/lvm2-2.02.61-5.1mnb2.src.rpm
Mandriva Linux 2010.1/X86_64:
3c33074b320e7b7651b9872674bce70b 2010.1/x86_64/clvmd-2.02.61-5.1mnb2.x86_64.rpm
e0bcdee0b2f4e725bfd17b35a9959aa0 2010.1/x86_64/cmirror-2.02.61-5.1mnb2.x86_64.rpm
47c54c45f3f00ae9fe0f9176623739ac 2010.1/x86_64/dmsetup-1.02.44-5.1mnb2.x86_64.rpm
0b25f189581132d3d0bcf736f66ae4c9 2010.1/x86_64/lib64devmapper1.02-1.02.44-5.1mnb2.x86_64.rpm
d3b6a286c01ed42a08301f5425d5e13b 2010.1/x86_64/lib64devmapper-devel-1.02.44-5.1mnb2.x86_64.rpm
7f0596865ef0a8baec758a106a030749 2010.1/x86_64/lib64devmapper-event1.02-1.02.44-5.1mnb2.x86_64.rpm
9346f3ad1ce7d7b9cb68ab77adf1d809 2010.1/x86_64/lib64devmapper-event-devel-1.02.44-5.1mnb2.x86_64.rpm
4c70fc76e4330e61d8b013e5f5396349 2010.1/x86_64/lib64lvm2app2.1-2.02.61-5.1mnb2.x86_64.rpm
248c9c277bd694c1c5f239f2f8dcb983 2010.1/x86_64/lib64lvm2cmd2.02-2.02.61-5.1mnb2.x86_64.rpm
edd014cb4cd0a637ca2e6038d6473958 2010.1/x86_64/lib64lvm2cmd-devel-2.02.61-5.1mnb2.x86_64.rpm
5a5db48748ff8e3ad9c6fcfbab003013 2010.1/x86_64/lib64lvm2-devel-2.02.61-5.1mnb2.x86_64.rpm
8ba0060f839c48eda20db9299933f527 2010.1/x86_64/lvm2-2.02.61-5.1mnb2.x86_64.rpm
3de3e283a5907efe36b7f5b9038c32a2 2010.1/SRPMS/lvm2-2.02.61-5.1mnb2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMhMgBmqjQ0CJFipgRAoeBAKCwND3HDmabTzsVVnJJB9Tq6+imGQCgqRAE
DFyM1mq7f33nL+kHFr1LlBo=
=zRsP
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists