I have released version 2.02.72 of LVM2 today to address a security problem. ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz ftp://sources.redhat.com/pub/lvm2/LVM2.2.02.72.tgz.asc If you are running clvmd on a machine where you also have non-root users you should seriously consider applying the patch, The problem has been in the code base since 2004. LVM2 on its own is not vulnerable to this problem. Vendors were notified last week. Red Hat's Security Advisories are here: https://rhn.redhat.com/errata/RHSA-2010-0567.html https://rhn.redhat.com/errata/RHSA-2010-0568.html Fuller details are in the Red Hat Bugzilla: https://bugzilla.redhat.com/CVE-2010-2526 The essential part of the patch is attached there and it should apply to older releases too. Alasdair -- agk@redhat.com
Attachment:
pgpNoX0VANn4i.pgp
Description: PGP signature
_______________________________________________ linux-lvm mailing list linux-lvm@redhat.com https://www.redhat.com/mailman/listinfo/linux-lvm read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/
