USN-1001-1: LVM2 vulnerability

06 October 2010

Releases

Packages

Details

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly
validate credentials. A local user could use this flaw to manipulate
logical volumes without root privileges and cause a denial of service in
the cluster.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04
Ubuntu 6.06
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.
In a clustering environment, you need to restart clvmd after the update.

References