USN-1001-1: LVM2 vulnerability

6 October 2010

lvm2 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 9.04
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

Software Description

  • lvm2

Details

The cluster logical volume manager daemon (clvmd) in LVM2 did not correctly validate credentials. A local user could use this flaw to manipulate logical volumes without root privileges and cause a denial of service in the cluster.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 10.04 LTS
clvm - 2.02.54-1ubuntu4.1
Ubuntu 9.10
clvm - 2.02.39-0ubuntu11.1
Ubuntu 9.04
clvm - 2.02.39-0ubuntu9.1
Ubuntu 8.04 LTS
clvm - 2.02.26-1ubuntu9.1
Ubuntu 6.06 LTS
clvm - 2.02.02-1ubuntu1.6

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes. In a clustering environment, you need to restart clvmd after the update.

References