1
PublicDateAtUSN: 2010-08-05
2
Candidate: CVE-2010-2526
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2526
6
http://www.debian.org/security/2010/dsa-2095
7
https://usn.ubuntu.com/usn/usn-1001-1
9
The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2
10
before 2.02.72, as used in Red Hat Global File System (GFS) and other
11
products, does not verify client credentials upon a socket connection,
12
which allows local users to cause a denial of service (daemon exit or
13
logical-volume change) or possibly have unspecified other impact via
14
crafted control commands.
18
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591204
19
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2526
25
vendor: http://patch-tracker.debian.org/patch/series/view/lvm2/2.02.66-3/upstream-2.02.72.patch
26
vendor: http://patch-tracker.debian.org/patch/series/view/lvm2/2.02.39-8/CVE-2010-2526.patch
27
upstream_lvm2: released (2.02.72)
28
dapper_lvm2: released (2.02.02-1ubuntu1.6)
29
hardy_lvm2: released (2.02.26-1ubuntu9.1)
30
jaunty_lvm2: released (2.02.39-0ubuntu9.1)
31
karmic_lvm2: released (2.02.39-0ubuntu11.1)
32
lucid_lvm2: released (2.02.54-1ubuntu4.1)
33
devel_lvm2: released (2.02.54-1ubuntu6)