Date: Tue, 3 Aug 2010 20:48:52 -0500

The following have been uploaded to the security errata area because of
dependencies of lvm2.

i386:
device-mapper-1.02.39-1.el5_5.2.i386.rpm
device-mapper-event-1.02.39-1.el5_5.2.i386.rpm

x86_64:
device-mapper-1.02.39-1.el5_5.2.i386.rpm
device-mapper-1.02.39-1.el5_5.2.x86_64.rpm
device-mapper-event-1.02.39-1.el5_5.2.x86_64.rpm

-Connie Sieh

On Sun, 1 Aug 2010, Hervé Riboulot wrote:
> Hello,
>
> I cannot process the security update due to dependency issues: 'Error:
> Missing Dependency: device-mapper >= 1.02.39-1.el5_5.1 is needed by package
> lvm2-2.02.56-8.el5_5.6.x86_64 (sl-security)'.
>
> Device-mapper (i386 and x86_64) is installed:
>
> rpm -qa device-mapper
> device-mapper-1.02.39-1.el5.x86_64
> device-mapper-1.02.39-1.el5.i386
>
>
> I'm running SL 5.5 on the following configuration: 2.6.18-194.8.1.el5 #1
> SMP Thu Jul 1 16:05:53 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
>
> Best regards,
>
>
>
>
> On 01.08.2010 06:29, Connie Sieh wrote:
>>
>> Issue date: 2010-07-28
>> CVE Names: CVE-2010-2526
>> Description:
>>
>> It was discovered that the cluster logical volume manager daemon (clvmd)
>> did not verify the credentials of clients connecting to its control UNIX
>> abstract socket, allowing local, unprivileged users to send control
>> commands that were intended to only be available to the privileged root
>> user. This could allow a local, unprivileged user to cause clvmd to exit,
>> or request clvmd to activate, deactivate, or reload any logical volume on
>> the local system or another system in the cluster. (CVE-2010-2526)
>>
>> Note: This update changes clvmd to use a pathname-based socket rather than
>> an abstract socket. As such, the lvm2 update 2010:0569, which changes
>> LVM to also use this pathname-based socket, must also be installed for LVM
>> to be able to communicate with the updated clvmd.
>>
>> All lvm2-cluster users should upgrade to this updated package, which
>> contains a backported patch to correct this issue. After installing the
>> updated package, clvmd must be restarted for the update to take effect.
>>
>> 5. Bugs fixed
>>
>> CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and
>> clvmd
>>
>> 6. Package List:
>>
>> SRPM:
>> lvm2-cluster-2.02.56-7.el5_5.4.src.rpm
>>
>> i386:
>> lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm
>>
>> x86_64:
>> lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm
>>
>>
>> lvm2 update included because of dependency.
>>
>> i386:
>> lvm2-2.02.56-8.el5_5.6.i386.rpm
>> x86_64:
>> lvm2-2.02.56-8.el5_5.6.x86_64.rpm
>>
>> -Connie Sieh
>> -Troy Dawson
>>
>>
>
>
>
>
>
>