Related Vulnerabilities: CVE-2010-2526

Source

Debian Bug report logs - #591204
CVE-2010-2526: insecure communication between lvm2 and clvmd

Package: clvm; Maintainer for clvm is Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>; Source for clvm is src:lvm2 (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Sun, 1 Aug 2010 04:21:01 UTC

Severity: grave

Tags: patch, security

Fixed in versions lvm2/2.02.66-3, lvm2/2.02.39-8

Done: Bastian Blank <waldi@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>:
Bug#591204; Package clvm. (Sun, 01 Aug 2010 04:21:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>. (Sun, 01 Aug 2010 04:21:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Package: clvm
Severity: grave
Tags: security

Please see

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526

https://www.redhat.com/archives/rhsa-announce/2010-July/msg00021.html
https://www.redhat.com/archives/rhsa-announce/2010-July/msg00022.html

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages clvm depends on:
ii  libc6                        2.11.2-2    Embedded GNU C Library: Shared lib
pn  libcman2                     <none>      (no description available)
ii  libdevmapper1.02.1           2:1.02.48-2 The Linux Kernel Device Mapper use
pn  libdlm2                      <none>      (no description available)
ii  libreadline5                 5.2-7       GNU readline and history libraries
pn  lvm2                         <none>      (no description available)

clvm recommends no packages.

Versions of packages clvm suggests:
pn  cman                          <none>     (no description available)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>:
Bug#591204; Package clvm. (Thu, 19 Aug 2010 10:09:06 GMT) (full text, mbox, link).

Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>. (Thu, 19 Aug 2010 10:09:06 GMT) (full text, mbox, link).

Message #10 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

tags 591204 + patch
tags 591204 + pending
thanks

Dear maintainer,

I've prepared an NMU for lvm2 (versioned as 2.02.66-2.1) and
uploaded it to DELAYED/1. Please feel free to tell me if I
should delay it longer.

Regards.
Giuseppe

[lvm2-2.02.66-2.1-nmu.diff (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Added tag(s) patch. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Thu, 19 Aug 2010 10:09:10 GMT) (full text, mbox, link).

Added tag(s) pending. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Thu, 19 Aug 2010 10:09:10 GMT) (full text, mbox, link).

Acknowledgement sent to Bastian Blank <waldi@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>. (Thu, 19 Aug 2010 10:30:04 GMT) (full text, mbox, link).

Message #19 received at 591204@bugs.debian.org (full text, mbox, reply):

On Thu, Aug 19, 2010 at 12:06:34PM +0200, Giuseppe Iuculano wrote:
> I've prepared an NMU for lvm2 (versioned as 2.02.66-2.1) and
> uploaded it to DELAYED/1. Please feel free to tell me if I
> should delay it longer.

Where does this patch come from? It is not included into the upstream
source this way. As long as this is not known: NACK.

Bastian

-- 
It is a human characteristic to love little animals, especially if
they're attractive in some way.
		-- McCoy, "The Trouble with Tribbles", stardate 4525.6

Message #24 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On 08/19/2010 12:26 PM, Bastian Blank wrote:
> Where does this patch come from? It is not included into the upstream
> source this way. As long as this is not known: NACK.

It comes from upstream, I used the essential part of the patch.

Please see:
https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html


Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #29 received at 591204@bugs.debian.org (full text, mbox, reply):

On Thu, Aug 19, 2010 at 12:39:28PM +0200, Giuseppe Iuculano wrote:
> On 08/19/2010 12:26 PM, Bastian Blank wrote:
> > Where does this patch come from? It is not included into the upstream
> > source this way. As long as this is not known: NACK.
> It comes from upstream, I used the essential part of the patch.

Please describe the changes you made. It even differs in the comments.

> Please see:
> https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html

This only shows the annoncement, the patch is in
https://bugzilla.redhat.com/attachment.cgi?id=434982

Bastian

-- 
To live is always desirable.
		-- Eleen the Capellan, "Friday's Child", stardate 3498.9

Message #34 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On 08/19/2010 12:54 PM, Bastian Blank wrote:
> Please describe the changes you made. It even differs in the comments.

> This only shows the annoncement, the patch is in
> https://bugzilla.redhat.com/attachment.cgi?id=434982

It is the same patch without the configure and Makefile stuff (upstream
added --with-default-run-dir configure argument, I instead hardcoded it
to /var/run/clvmd.sock ). I removed that part to avoid autoreconf

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #39 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On 08/19/2010 01:29 PM, Giuseppe Iuculano wrote:
> It is the same patch without the configure and Makefile stuff (upstream
> added --with-default-run-dir configure argument, I instead hardcoded it
> to /var/run/clvmd.sock ). I removed that part to avoid autoreconf

I just noted I forgot check_permissions(); also for case 'S' (restart),
I will upload a new revision soon.

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #44 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Dear maintainer,

I've prepared an NMU for lvm2 (versioned as 2.02.66-2.2) and
uploaded it to DELAYED/1. Please feel free to tell me if I
should delay it longer.

Regards.

[lvm2-2.02.66-2.2-nmu.diff (text/x-diff, attachment)]

[signature.asc (application/pgp-signature, inline)]

Acknowledgement sent to Mehdi Dogguy <mehdi@dogguy.org>:
Extra info received and forwarded to list. Copy sent to Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>. (Thu, 19 Aug 2010 12:15:03 GMT) (full text, mbox, link).

Message #49 received at 591204@bugs.debian.org (full text, mbox, reply):

On 19/08/2010 13:59, Giuseppe Iuculano wrote:
> Dear maintainer,
> 
> I've prepared an NMU for lvm2 (versioned as 2.02.66-2.2) and uploaded
> it to DELAYED/1. Please feel free to tell me if I should delay it
> longer.
> 

Why two NMUs for a single patch? Can't you drop the first one, fix it and
re-upload?

Regards,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. (Thu, 19 Aug 2010 13:06:05 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Thu, 19 Aug 2010 13:06:05 GMT) (full text, mbox, link).

Message #54 received at 591204-close@bugs.debian.org (full text, mbox, reply):

Source: lvm2
Source-Version: 2.02.66-3

We believe that the bug you reported is fixed in the latest version of
lvm2, which is due to be installed in the Debian FTP archive:

clvm_2.02.66-3_amd64.deb
  to main/l/lvm2/clvm_2.02.66-3_amd64.deb
dmsetup-udeb_1.02.48-3_amd64.udeb
  to main/l/lvm2/dmsetup-udeb_1.02.48-3_amd64.udeb
dmsetup_1.02.48-3_amd64.deb
  to main/l/lvm2/dmsetup_1.02.48-3_amd64.deb
libdevmapper-dev_1.02.48-3_amd64.deb
  to main/l/lvm2/libdevmapper-dev_1.02.48-3_amd64.deb
libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
  to main/l/lvm2/libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
libdevmapper1.02.1_1.02.48-3_amd64.deb
  to main/l/lvm2/libdevmapper1.02.1_1.02.48-3_amd64.deb
liblvm2-dev_2.02.66-3_amd64.deb
  to main/l/lvm2/liblvm2-dev_2.02.66-3_amd64.deb
liblvm2app2.2_2.02.66-3_amd64.deb
  to main/l/lvm2/liblvm2app2.2_2.02.66-3_amd64.deb
liblvm2cmd2.02_2.02.66-3_amd64.deb
  to main/l/lvm2/liblvm2cmd2.02_2.02.66-3_amd64.deb
lvm2-udeb_2.02.66-3_amd64.udeb
  to main/l/lvm2/lvm2-udeb_2.02.66-3_amd64.udeb
lvm2_2.02.66-3.debian.tar.gz
  to main/l/lvm2/lvm2_2.02.66-3.debian.tar.gz
lvm2_2.02.66-3.dsc
  to main/l/lvm2/lvm2_2.02.66-3.dsc
lvm2_2.02.66-3_amd64.deb
  to main/l/lvm2/lvm2_2.02.66-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591204@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated lvm2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Aug 2010 14:44:02 +0200
Source: lvm2
Binary: lvm2 lvm2-udeb clvm libdevmapper-dev libdevmapper1.02.1 libdevmapper1.02.1-udeb dmsetup dmsetup-udeb liblvm2app2.2 liblvm2cmd2.02 liblvm2-dev
Architecture: source amd64
Version: 2.02.66-3
Distribution: unstable
Urgency: high
Maintainer: Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description: 
 clvm       - Cluster LVM Daemon for lvm2
 dmsetup    - The Linux Kernel Device Mapper userspace library
 dmsetup-udeb - The Linux Kernel Device Mapper userspace library (udeb)
 libdevmapper-dev - The Linux Kernel Device Mapper header files
 libdevmapper1.02.1 - The Linux Kernel Device Mapper userspace library
 libdevmapper1.02.1-udeb - The Linux Kernel Device Mapper userspace library (udeb)
 liblvm2-dev - LVM2 libraries - development files
 liblvm2app2.2 - LVM2 application library
 liblvm2cmd2.02 - LVM2 command library
 lvm2       - The Linux Logical Volume Manager
 lvm2-udeb  - The Linux Logical Volume Manager (udeb)
Closes: 591204
Changes: 
 lvm2 (2.02.66-3) unstable; urgency=high
 .
   * Import upstream version 2.02.72:
     - CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
      (Closes: #591204)
     - Only use single node clvm if explicitly requested.
Checksums-Sha1: 
 dee8aa1838bc12e4c0b19ea099f2683566252c07 1449 lvm2_2.02.66-3.dsc
 978cbca884ccd72573f8a427c10b6392bb3dc808 34832 lvm2_2.02.66-3.debian.tar.gz
 b64262635c79d4e234088d52ebac134ab01712f6 85206 libdevmapper1.02.1_1.02.48-3_amd64.deb
 ae60dd416dafbd15cf53fcab1c68a3335db9cbae 52966 libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
 c76aacd564234f8c2537d02eb94d7eadb351c097 32480 libdevmapper-dev_1.02.48-3_amd64.deb
 287f15f90dac849afdb537ba3b1f6416e7524ff8 56566 dmsetup_1.02.48-3_amd64.deb
 c69573a7e8c245593d6d6183e8b845e8ab39b8fc 21646 dmsetup-udeb_1.02.48-3_amd64.udeb
 53b19497a0a565e6dfdd3b255e1ad5fdbf8621fd 257422 liblvm2app2.2_2.02.66-3_amd64.deb
 640e16ab08a85f4b6e049702783c21c7ae2d5a60 343224 liblvm2cmd2.02_2.02.66-3_amd64.deb
 9c68f036796f47d64084b7a0dcd8636d5f6b8c27 53022 liblvm2-dev_2.02.66-3_amd64.deb
 4dd1c6622e7ca4eeab96307c10aecdab375b0b00 447822 lvm2_2.02.66-3_amd64.deb
 deb4e3114b3d965514670ae41ef04a9f3e17481d 272350 lvm2-udeb_2.02.66-3_amd64.udeb
 106ff974c2e880ae69d35e8980f87d83953afeac 281156 clvm_2.02.66-3_amd64.deb
Checksums-Sha256: 
 052b3597e5165132fe4512ea965f43552212fefb1ea70388112c18434c9634be 1449 lvm2_2.02.66-3.dsc
 45175c773cb712c37e48548faf0d8fcde347db044ad0be2bd4e80461db57b4b0 34832 lvm2_2.02.66-3.debian.tar.gz
 2cd052dd772413ea287a98c76d5dc746c14ed061c8183ae3c6b8a2c109dd6718 85206 libdevmapper1.02.1_1.02.48-3_amd64.deb
 bcfdb5408fdff9526759312ba392a4d36fc5849eb8d9e4f0045c8ad9bf9b8044 52966 libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
 2e2a0217a3d4c93cbec1742a7b79c1a4b0937818a0cda3e3f87d504da621e8d2 32480 libdevmapper-dev_1.02.48-3_amd64.deb
 80a3cb7176b122858b18b93085133f80c882f5166b78ce19170e71ddef6a2a42 56566 dmsetup_1.02.48-3_amd64.deb
 01c7a30ab1f7060c6471673d30d5e5b1ac48eb8a3103dff2e3058df1a7deecf6 21646 dmsetup-udeb_1.02.48-3_amd64.udeb
 cb187a487ac3a13707b054b3bffd903ea2cac1c1226ce08eb5480fb21a027693 257422 liblvm2app2.2_2.02.66-3_amd64.deb
 e9532f7895a12cba2266a7a4d44b515a090302dce00830af0f0b88e936d7865b 343224 liblvm2cmd2.02_2.02.66-3_amd64.deb
 54beb8093531c4ca6c119856298343e91ea1f4daf0e4d95c20fd6b335d0d67f0 53022 liblvm2-dev_2.02.66-3_amd64.deb
 a9221ffc6dbdc5b35c29faeb229577fab6707ac8e540c31ed0468f54e21e1853 447822 lvm2_2.02.66-3_amd64.deb
 9ba4b87b2e2c6ebe5ca9b0ce868ba64f7b605eb35ef8d5f5aa1d43462d90a76f 272350 lvm2-udeb_2.02.66-3_amd64.udeb
 e6bbe3efb79b445a6899d8c54f7e57dd7c9af21b6c2c9d046f501a899c54ab54 281156 clvm_2.02.66-3_amd64.deb
Files: 
 c461c8407cadedcc7585d772f42ea99e 1449 admin optional lvm2_2.02.66-3.dsc
 f90e175212d97e5eda524adb84e4409f 34832 admin optional lvm2_2.02.66-3.debian.tar.gz
 0bc52936d36ac2ae27f73acd537a7d7c 85206 libs required libdevmapper1.02.1_1.02.48-3_amd64.deb
 e4b6cc12433307ded390da7be28431ab 52966 debian-installer optional libdevmapper1.02.1-udeb_1.02.48-3_amd64.udeb
 0fc316f6f396b57a834406a347207404 32480 libdevel optional libdevmapper-dev_1.02.48-3_amd64.deb
 4092bfffe03cd933c0dd96ee53dfe7cb 56566 admin optional dmsetup_1.02.48-3_amd64.deb
 e84cdc234cd08ea84f19d4231eb1412d 21646 debian-installer optional dmsetup-udeb_1.02.48-3_amd64.udeb
 7a8d2e16276e099c734bf9a74104a635 257422 libs optional liblvm2app2.2_2.02.66-3_amd64.deb
 32e8160b58f671f06a015deeaa2c607c 343224 libs optional liblvm2cmd2.02_2.02.66-3_amd64.deb
 a889f270e38f88cad2098497450e2f68 53022 libdevel optional liblvm2-dev_2.02.66-3_amd64.deb
 aeadf2b9988f0a76d87b8257cea5751d 447822 admin optional lvm2_2.02.66-3_amd64.deb
 c8a38401f950c6ce1a16223a9fb4c0eb 272350 debian-installer optional lvm2-udeb_2.02.66-3_amd64.udeb
 4ad75fcf0e31454e66e377e95e35ed33 281156 admin extra clvm_2.02.66-3_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkxtKDYACgkQLkAIIn9ODhGxfQCfeRAWv8jN2y5/ZdFni4xeyyke
0oMAoLt3RR7QAIpsGhWmWLOMW0VyUMGh
=Gj0f
-----END PGP SIGNATURE-----

Message #59 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On 08/19/2010 02:11 PM, Mehdi Dogguy wrote:
> Why two NMUs for a single patch? Can't you drop the first one, fix it and
> re-upload?

Because dcut rm --searchdirs lvm2* didn't work, now I'm trying with rm
DELAYED/1-day/libvm2*

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #64 received at 591204@bugs.debian.org (full text, mbox, reply):

On 19/08/2010 15:20, Giuseppe Iuculano wrote:
> On 08/19/2010 02:11 PM, Mehdi Dogguy wrote:
>> Why two NMUs for a single patch? Can't you drop the first one, fix it and
>> re-upload?
> 
> Because dcut rm --searchdirs lvm2* didn't work, now I'm trying with rm
> DELAYED/1-day/libvm2*
> 

I'm sure "dcut cancel $changes_files" works :)

Cheers,

-- 
Mehdi Dogguy مهدي الدڤي
http://dogguy.org/

Message #69 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On 08/19/2010 03:27 PM, Mehdi Dogguy wrote:
> I'm sure "dcut cancel $changes_files" works :)

oh, it worked, thanks! :-)

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Message #74 received at 591204@bugs.debian.org (full text, mbox, reply):

On Thu, Aug 19, 2010 at 01:29:18PM +0200, Giuseppe Iuculano wrote:
> On 08/19/2010 12:54 PM, Bastian Blank wrote:
> > Please describe the changes you made. It even differs in the comments.
> > This only shows the annoncement, the patch is in
> > https://bugzilla.redhat.com/attachment.cgi?id=434982
> It is the same patch without the configure and Makefile stuff (upstream
> added --with-default-run-dir configure argument, I instead hardcoded it
> to /var/run/clvmd.sock ). I removed that part to avoid autoreconf

Sorry, this is not acceptable. The patch
- differes in comments,
- used path,
- removes autoconf parts without reason, autoreconf is called anyway, and
- is incomplete.

Bastian

-- 
Warp 7 -- It's a law we can live with.

Message #79 received at 591204@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

On 08/19/2010 04:29 PM, Bastian Blank wrote:
> Sorry, this is not acceptable. The patch
> - differes in comments,
> - used path,
> - removes autoconf parts without reason, autoreconf is called anyway, and
> - is incomplete.

Well, FWIW this is instead acceptable from a NMUer point of view, anyway
this isn't important, happy to see that the intent of NMU speeded up the
fix for this issue, thanks for the upload.

About your upload to security-master, it was rejected:
Rejected: lvm2_2.02.39-8.dsc refers to lvm2_2.02.39.orig.tar.gz, but I
can't find it in the queue or in the pool.

Please build it with orig.tar.gz (-sa), I will take care of the DSA.

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Reply sent to Bastian Blank <waldi@debian.org>:
You have taken responsibility. (Wed, 25 Aug 2010 20:06:16 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Wed, 25 Aug 2010 20:06:16 GMT) (full text, mbox, link).

Message #84 received at 591204-close@bugs.debian.org (full text, mbox, reply):

Source: lvm2
Source-Version: 2.02.39-8

We believe that the bug you reported is fixed in the latest version of
lvm2, which is due to be installed in the Debian FTP archive:

clvm_2.02.39-8_amd64.deb
  to main/l/lvm2/clvm_2.02.39-8_amd64.deb
lvm2-udeb_2.02.39-8_amd64.udeb
  to main/l/lvm2/lvm2-udeb_2.02.39-8_amd64.udeb
lvm2_2.02.39-8.diff.gz
  to main/l/lvm2/lvm2_2.02.39-8.diff.gz
lvm2_2.02.39-8.dsc
  to main/l/lvm2/lvm2_2.02.39-8.dsc
lvm2_2.02.39-8_amd64.deb
  to main/l/lvm2/lvm2_2.02.39-8_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 591204@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastian Blank <waldi@debian.org> (supplier of updated lvm2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Aug 2010 16:19:35 +0200
Source: lvm2
Binary: lvm2 lvm2-udeb clvm
Architecture: source amd64
Version: 2.02.39-8
Distribution: stable-security
Urgency: high
Maintainer: Debian LVM Team <pkg-lvm-maintainers@lists.alioth.debian.org>
Changed-By: Bastian Blank <waldi@debian.org>
Description: 
 clvm       - Cluster LVM Daemon for lvm2
 lvm2       - The Linux Logical Volume Manager
 lvm2-udeb  - The Linux Logical Volume Manager (udeb)
Closes: 591204
Changes: 
 lvm2 (2.02.39-8) stable-security; urgency=high
 .
   * CVE-2010-2526: Fix insecure communication between lvm2 and clvmd.
    (Closes: #591204)
Checksums-Sha1: 
 fe00437ea46d2b09519ca274559482fc3399bbab 1132 lvm2_2.02.39-8.dsc
 dd1edf0b15e39e59613553d876e21eb89d782bba 594342 lvm2_2.02.39.orig.tar.gz
 8af4008c043d4aa987529cd3ae007e49b5b91725 17393 lvm2_2.02.39-8.diff.gz
 7c755aa1823afa7b0c3388c3dbc2581c13e061a7 365790 lvm2_2.02.39-8_amd64.deb
 36c9c70464632d8377e8d39c6bf2b0d666e322f2 237884 clvm_2.02.39-8_amd64.deb
 fc0e3fd541a32289bb0967ff5248a3e0dc170e3b 225468 lvm2-udeb_2.02.39-8_amd64.udeb
Checksums-Sha256: 
 f49e9b6acefe1c347e61d4ef6b196b2aa5302878362db5e9b24133d3c0873f71 1132 lvm2_2.02.39-8.dsc
 2edd044021c345d0e6f5bda2a2ea0d7422800fbfa2db66a44794a3b52d119c47 594342 lvm2_2.02.39.orig.tar.gz
 b0a469d82f69dcfad834657f9802ee140e9a1e3682b7b7672e8b5c24b57ab2fe 17393 lvm2_2.02.39-8.diff.gz
 ecb41127bf9e04b08e78770b3356c3e914a7734a94b428fe99b16267010ee1b9 365790 lvm2_2.02.39-8_amd64.deb
 ca8a51f8e5c05823e3731744fd86fae2abbdfe89aeac06491da5ba5c153c5331 237884 clvm_2.02.39-8_amd64.deb
 e284634c91defc6db84e10648e2dfa4c85741d92b717de813ea2f487575cfa41 225468 lvm2-udeb_2.02.39-8_amd64.udeb
Files: 
 a0c84982012567f3ca824e7bdeae7637 1132 admin optional lvm2_2.02.39-8.dsc
 1450ae55a89ea98e4ea51ad7f4ba22d4 594342 admin optional lvm2_2.02.39.orig.tar.gz
 fb9151fdf32540e15eb245389d9d5903 17393 admin optional lvm2_2.02.39-8.diff.gz
 dcc943057cd272357b6650f1eefac73a 365790 admin optional lvm2_2.02.39-8_amd64.deb
 a0125354fa125136d2f9ec3de006cdc2 237884 admin extra clvm_2.02.39-8_amd64.deb
 8c8e5331e9ddb80e616ae52e766007fd 225468 debian-installer optional lvm2-udeb_2.02.39-8_amd64.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkxtWtQACgkQLkAIIn9ODhHkcACgm1djZHRxG6XMT/C9KHceYATu
24MAoKyeYWh4YqY6skNHb10ko7pbhoES
=46ab
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 23 Sep 2010 07:31:26 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:32:42 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

CVE-2010-2526: insecure communication between lvm2 and clvmd

Debian Bug report logs - #591204
CVE-2010-2526: insecure communication between lvm2 and clvmd

Vulmon Search

About

Products

Connect

CVE-2010-2526: insecure communication between lvm2 and clvmd

Debian Bug report logs - #591204 CVE-2010-2526: insecure communication between lvm2 and clvmd

Vulmon Search

About

Products

Connect

Debian Bug report logs - #591204
CVE-2010-2526: insecure communication between lvm2 and clvmd