Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: 1001-1: LVM2 vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu The cluster logical volume manager daemon (clvmd) in LVM2 did not correctlyvalidate credentials. A local user could use this flaw to manipulatelogical volumes without root privileges and cause a denial of service inthe cluster. [More...]
Ubuntu Security Notice USN-1001-1           October 06, 2010
lvm2 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  clvm                            2.02.02-1ubuntu1.6

Ubuntu 8.04 LTS:
  clvm                            2.02.26-1ubuntu9.1

Ubuntu 9.04:
  clvm                            2.02.39-0ubuntu9.1

Ubuntu 9.10:
  clvm                            2.02.39-0ubuntu11.1

Ubuntu 10.04 LTS:
  clvm                            2.02.54-1ubuntu4.1

In general, a standard system update will make all the necessary changes.
In a clustering environment, you need to restart clvmd after the update.

Details follow:

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly
validate credentials. A local user could use this flaw to manipulate
logical volumes without root privileges and cause a denial of service in
the cluster.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    23084 0b3f64de96c9b259a6ef2769946f1e23
      Size/MD5:      798 2005fade3f0eab833f8dc298dff25dc4
      Size/MD5:   477665 e5dfc205aaf673fecb3c1c15164d718c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   193890 fc1605c8d8358720167cc587b4c6e750
      Size/MD5:   198688 b34a16e5e6d7132690bc795b4462db6a
      Size/MD5:   302348 afc947cfd64a2cf764ac824df3aa6714

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   173624 2b7808f8cf8c3d04510514cac0e1e32a
      Size/MD5:   171898 6ff8ce5077fc3ffa52facd8327ff8c30
      Size/MD5:   279694 ee0be92486aad4c98655ffeabb9066e6

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   197078 bf2848d3a77e6fdef5bf3fd72ce4c97d
      Size/MD5:   189558 43368dbc246f5ccf7bbe5f837ff607d4
      Size/MD5:   305146 2bf0804f159411ebd16ece0e1f4c3e88

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   192050 7bfe11bf05d122ace63b13bc097d02b1
      Size/MD5:   195832 0d0fc85a2db41997003d64ee2b97c11f
      Size/MD5:   301914 08c3ec1d2b497c0ea7dacbf60e8bd00a

Updated packages for Ubuntu 8.04 LTS:

  Source archives:
      Size/MD5:    17226 7ad064c5e17a791ea9ff7138a8b43b8b
      Size/MD5:      875 19693df12de08471c95d38b7125ddb52
      Size/MD5:   532355 caa50b5ebd4f27ba57836a805f49e6da

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   212496 fdbd428da1cc23930edb747344f1e614
      Size/MD5:   219252 913d218ec8a6f69b2fec929819eb3ef5
      Size/MD5:   333082 6ba529db36ba122830ea7ef38b59110d

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   202906 6f5d873b18820bce3d709b97fef42e8d
      Size/MD5:   202976 025fc6b34d73b5e6c157fa6b40b5a65c
      Size/MD5:   324570 92a3744440ac46a91bea87d852a6aebd

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   197442 1a7330ed70ff7c2218835f1211e893c5
      Size/MD5:   201118 7aa6fbde9406063044c9f95b8217e3fc
      Size/MD5:   316576 548012adc67d5ecc41560d6ea8da7cf0

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   222174 eb96454e9c5348210c1e3d1424097064
      Size/MD5:   218018 17f3b8a3d281fa6579fa5772db30f297
      Size/MD5:   342522 e74deb1f952906d1aabf888bb7ec8058

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   209216 9c62ce7af2cbfe87e569b1bb8c6ba3ef
      Size/MD5:   222010 1637774926380aef97d6cb18be619c85
      Size/MD5:   328246 36ff2afb49a6638ede8c5dd2cd755eac

Updated packages for Ubuntu 9.04:

  Source archives:
      Size/MD5:    22388 5356d3b53507768ef22c5b42a397e714
      Size/MD5:     1350 62abcea09461364236628cd5fa38b781
      Size/MD5:   578005 32ad429461070f0813aff758e0988bc2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   245570 09991de6dc9e18d64c1aac16a0bb058a
      Size/MD5:   229600 52bc38bf12a2e946d2f147c63024f5fd
      Size/MD5:   368692 8cb8864e009696bc7fa8bc4a7c3b2e15

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   235108 e677dcf04e1f02f21e4983648a5bcc8a
      Size/MD5:   213302 c2d8ad6761c0388af6f324db4cdb90e2
      Size/MD5:   359728 8ce369e94599e6db2528c5de94711b43

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   228172 1dc9fac082af2cbdb2c2c95cb51b322d
      Size/MD5:   212010 ce9836479736b2798165b9d2958c553f
      Size/MD5:   349674 ff62aaa377ad0812455ad7ab43f5553a

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   250962 dc3b75795012d17342a5c2aaeef66548
      Size/MD5:   224486 29cba21376f446223b746d4d950c682b
      Size/MD5:   372682 5fe055126e5c72a14102695b2f7bc65d

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   236866 de0c408b3125abbf4811341ecb4d1b9c
      Size/MD5:   228694 24f0ac1948984422c8a69bb222749911
      Size/MD5:   357278 f26499b00b4735f490179b7584fe5be0

Updated packages for Ubuntu 9.10:

  Source archives:
      Size/MD5:    22542 b709f6d8ca6b08b4918f4bf27611b7a9
      Size/MD5:     1354 d4a27fe8a44100ea20c54badb059b1bf
      Size/MD5:   578005 32ad429461070f0813aff758e0988bc2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   246726 26d592188ca67dd2748ef7a20955aab7
      Size/MD5:   230540 8a57dba84f8afbc9c887288b362a8ecc
      Size/MD5:   370736 b763ee5f1b5160dd8298b73acdd56a3a

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   235516 0f906b693bc090455df5b86260f43eec
      Size/MD5:   214148 88fb359718a76502337f96bbb3e11678
      Size/MD5:   360662 09e36793195650e349f6cf61b2584007

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:   230692 26a1e56de91f0a0929862a9ce894ca29
      Size/MD5:   212890 d545df0126e93379c5dae53111c9a4eb
      Size/MD5:   352830 be0841cd72e0d8d0a3815889c541f680

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   249322 a25dd0adcdaeb34a1e9157380f4cc77c
      Size/MD5:   236518 a1b30ebcadc91e130a4822d22595b8f2
      Size/MD5:   371840 7345d69d1e0f686787bc7a49cf5bbb97

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   236702 7b133a11dd076b1926415cb4904889ef
      Size/MD5:   230884 25e0e4b09bfa9166ae9ff29a90299013
      Size/MD5:   357436 ac3cef67c7f1c4b62e87e313006c1f26

Updated packages for Ubuntu 10.04 LTS:

  Source archives:
      Size/MD5:    40302 221951e1f20686ab24e5bd95d00ad150
      Size/MD5:     1532 92582894649ce59f2baf345cd40cf52e
      Size/MD5:   834044 5ecaae2b53babc94a9eaf7ec463755d6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   271958 d65b97f88a758bc51223b86c2f7b2155
      Size/MD5:    24202 0a3da6d518112e06e2ad684df3718123
      Size/MD5:    56366 06a326ed5e05187804efa0a07e01eee8
      Size/MD5:   112568 7df4738aba3b8b38d592c910c53ba307
      Size/MD5:    28648 b1195284708b28a6b86eac0dbf24a745
      Size/MD5:    50336 94573230277f8ba2a0ea1f368ff90480
      Size/MD5:    82604 7d44f41c34390b39f8c6682ab7b2909d
      Size/MD5:   245894 ccbb0e28a4eeea93cf3bf44202d31a9f
      Size/MD5:   423276 d67ebe9d1c746c81f27a6e3ac1793de9
      Size/MD5:    32368 858e43dd1fdb812d6bad04d582250ba4

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   260288 f8febb2edda7f07c28a3e190d8022d0a
      Size/MD5:    22210 f36a9005b3330f5a380a659c06317134
      Size/MD5:    54636 220a40cf8a1c591a65b1f0c8f7ddd52f
      Size/MD5:   107356 975ad72ad82ee169089ce634fd6f4cc6
      Size/MD5:    27454 d4bc8cc8692ef4f649a93d02e5bd8914
      Size/MD5:    42822 7e88f3a08a2486af7c34486e62ae7b37
      Size/MD5:    76912 a698213ce2b0d13dfe08bda6b9a028e4
      Size/MD5:   225636 633dcd7d1f30dc27771163af55eac105
      Size/MD5:   408938 e70eb9fc1a3d3566bc4cefc4781f0a0e
      Size/MD5:    31144 8d05466f3e6928b74fd492fa23c60c04

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   273472 7994e636707ff39d1521cc893bc7d542
      Size/MD5:    24060 542a0c658daf97074ef750fa75211a77
      Size/MD5:    55242 d1778b902742bf1d7a58c55021c4eac0
      Size/MD5:   103002 2e6def57fadf13f6aa8ea14321f34695
      Size/MD5:    28326 2901e3a8e454c31a30fcd725e2a08c9f
      Size/MD5:    48278 9bcfe05697e42d8ec017032ec597a8d1
      Size/MD5:    79124 c6a8a573c7e68219df1dd41af0ab2138
      Size/MD5:   250186 1b2b2e679d97fafb2658c8326c48aa3c
      Size/MD5:   420224 bf98e4ab40052962c6cf12d279380a9c
      Size/MD5:    32234 d655eeb76776593d08ad47b8b27217dd

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   271656 ffa3838ecdc60c9402affe793e02ac16
      Size/MD5:    24766 acf7e3c436a3ffd3daa8076a127cc9c4
      Size/MD5:    55582 771a9761fdee6b6d28ad2c3fddd8b9d0
      Size/MD5:   115286 44c6b8d063ecaec0c05703e8bf2def69
      Size/MD5:    27532 b1b3cb039dc86d09e181b582f979af32
      Size/MD5:    47054 790b8007c6cd805d4655bcadcdce3018
      Size/MD5:    76842 43faf1eeb2eff154f8caaf815759b2e6
      Size/MD5:   252006 3afa1c3d2fa2173ccc521050ab7499af
      Size/MD5:   418534 4afd88c0898b7407491c666f0eec4348
      Size/MD5:    31790 6a830031eb5bd45b58c8abb8945c0261

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.