The following have been uploaded to the security errata area because of dependencies of lvm2.

i386:
device-mapper-1.02.39-1.el5_5.2.i386.rpm
device-mapper-event-1.02.39-1.el5_5.2.i386.rpm

x86_64:
device-mapper-1.02.39-1.el5_5.2.i386.rpm
device-mapper-1.02.39-1.el5_5.2.x86_64.rpm
device-mapper-event-1.02.39-1.el5_5.2.x86_64.rpm

-Connie Sieh

On Sun, 1 Aug 2010, Hervé Riboulot wrote:

> Hello,
>
> I cannot process the security update due to dependency issues: 'Error:
> Missing Dependency: device-mapper >= 1.02.39-1.el5_5.1 is needed by package
> lvm2-2.02.56-8.el5_5.6.x86_64 (sl-security)'.
>
> Device-mapper (i386 and x86_64) are installed:
>
> rpm -qa device-mapper
> device-mapper-1.02.39-1.el5.x86_64
> device-mapper-1.02.39-1.el5.i386
>
> I'm running SL 5.5 on the following configuration: 2.6.18-194.8.1.el5 #1
> SMP Thu Jul 1 16:05:53 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
>
> Best regards,
>
> On 01.08.2010 06:29, Connie Sieh wrote:
>>
>> Issue date: 2010-07-28
>> CVE Names: CVE-2010-2526
>> Description:
>>
>> It was discovered that the cluster logical volume manager daemon (clvmd)
>> did not verify the credentials of clients connecting to its control UNIX
>> abstract socket, allowing local, unprivileged users to send control
>> commands that were intended to only be available to the privileged root
>> user. This could allow a local, unprivileged user to cause clvmd to exit,
>> or request clvmd to activate, deactivate, or reload any logical volume on
>> the local system or another system in the cluster. (CVE-2010-2526)
>>
>> Note: This update changes clvmd to use a pathname-based socket rather than
>> an abstract socket. As such, the lvm2 update 2010:0569, which changes
>> LVM to also use this pathname-based socket, must also be installed for LVM
>> to be able to communicate with the updated clvmd.
>>
>> All lvm2-cluster users should upgrade to this updated package, which
>> contains a backported patch to correct this issue. After installing the
>> updated package, clvmd must be restarted for the update to take effect.
>>
>> 5. Bugs fixed
>>
>> CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and
>> clvmd
>>
>> 6. Package List:
>>
>> SRPM:
>> lvm2-cluster-2.02.56-7.el5_5.4.src.rpm
>>
>> i386:
>> lvm2-cluster-2.02.56-7.el5_5.4.i386.rpm
>>
>> x86_64:
>> lvm2-cluster-2.02.56-7.el5_5.4.x86_64.rpm
>>
>>
>> lvm2 update included because of dependency.
>>
>> i386:
>> lvm2-2.02.56-8.el5_5.6.i386.rpm
>> x86_64:
>> lvm2-2.02.56-8.el5_5.6.x86_64.rpm
>>
>> -Connie Sieh
>> -Troy Dawson
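
The advisory's two points (no credential check on the control socket, and the move from an abstract to a pathname-based socket) can be shown with a small Linux-only sketch. This is an added example, not the lvm2 patch or code from this thread: the function names, the socket path and the allowed-uid policy are assumptions, and the advisory does not say how the patched clvmd checks its clients.

```python
import os
import socket
import struct
import tempfile

def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def is_privileged_peer(conn, allowed_uids=(0,)):
    """Assumed policy: only the listed uids (root by default) may send commands."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids

def bind_control_socket(path):
    """Bind a pathname socket so file permissions apply; an abstract
    socket has no inode and therefore no permissions to restrict it."""
    old_umask = os.umask(0o177)          # socket file is created with mode 0600
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv

def demo():
    """Connect to our own socket and report what the server side can verify."""
    with tempfile.TemporaryDirectory() as d:   # constructed path, directory is 0700
        path = os.path.join(d, "control.sock")
        srv = bind_control_socket(path)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.connect(path)
        conn, _ = srv.accept()
        try:
            _pid, uid, _gid = peer_credentials(conn)
            return {
                "mode": os.stat(path).st_mode & 0o777,
                "peer_uid": uid,
                "accepted_root_only": is_privileged_peer(conn),
                "accepted_self": is_privileged_peer(conn, (os.getuid(),)),
            }
        finally:
            conn.close()
            cli.close()
            srv.close()

if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user, `accepted_root_only` is false: the kernel reports the client's real uid, so the daemon can refuse the command before acting on it.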