Bug 334087 (CVE-2010-2526)

Comment 1 Robin Johnson 2010-08-23 18:26:57 UTC

Arches, please stabilize =sys-fs/lvm2-2.02.73.
target keywords: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86

The following are also needed at the same time for safe stabilization:
=sys-fs/udev-151-r4 (bug 324507)
=sys-fs/cryptsetup-1.1.2 (bug 327689)

Comment 2 Paweł Hajdan, Jr. (RETIRED) 2010-08-24 02:11:40 UTC

x86 stable

Comment 3 Markos Chandras (RETIRED) 2010-08-24 22:04:31 UTC

amd64 done

Comment 4 Jeroen Roovers (RETIRED) 2010-08-25 16:28:09 UTC

(In reply to comment #1)
> =sys-fs/udev-151-r4 (bug 324507)

HPPA needs a glibc patch before >sys-fs/udev-146 works properly.

Comment 5 Markus Meier 2010-08-28 08:08:58 UTC

arm stable

Comment 6 Raúl Porcel (RETIRED) 2010-08-28 19:10:59 UTC

alpha/ia64/s390/sh/sparc stable

@amd64: the version requested is .73, not .72

Comment 7 Markos Chandras (RETIRED) 2010-08-28 22:38:24 UTC

(In reply to comment #6)
> alpha/ia64/s390/sh/sparc stable
> 
> @amd64: the version requested is .73, not .72
> 

Sorry my bad :-/ 

amd64 done again

Comment 8 Tony Vroon (RETIRED) 2010-09-01 15:35:19 UTC

Arches, please stable 2.02.73-r1 which fixes a linking bug that breaks snapshotting. See bug #335205 for further information.

Comment 9 Tony Vroon (RETIRED) 2010-09-01 16:09:24 UTC

+  01 Sep 2010; <chainsaw@gentoo.org> lvm2-2.02.73-r1.ebuild:
+  Fast tracking to AMD64 stable, --as-needed breakage fixed by Diego E.
+  "Flameeyes" Pettenò; closes bug #335205. For security bug #327689.

Comment 10 Stefan Behte (RETIRED) 2010-09-01 20:06:09 UTC

CVE-2010-2526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526):
  The cluster logical volume manager daemon (clvmd) in lvm2-cluster in
  LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and
  other products, does not verify client credentials upon a socket
  connection, which allows local users to cause a denial of service
  (daemon exit or logical-volume change) or possibly have unspecified
  other impact via crafted control commands.

Comment 11 Paweł Hajdan, Jr. (RETIRED) 2010-09-03 04:29:53 UTC

x86 stable

Comment 12 Raúl Porcel (RETIRED) 2010-09-04 11:22:59 UTC

alpha/arm/ia64/s390/sh/sparc stable

Comment 13 Brent Baude (RETIRED) 2010-09-06 20:42:14 UTC

ppc64 done

Comment 14 Samuli Suominen (RETIRED) 2010-09-07 10:57:06 UTC

(In reply to comment #13)
> ppc64 done
> 

ppc64 stabilized wrong version, should be 2.02.73-r1

Comment 15 Joe Jezak (RETIRED) 2010-09-09 03:23:51 UTC

Marked ppc/ppc64 (the right version) stable.

Comment 16 Jeroen Roovers (RETIRED) 2010-10-29 06:19:29 UTC

Stable for HPPA.

Comment 17 Tim Sammut (RETIRED) 2010-11-19 07:10:45 UTC

@ppc64, are you able to stabilize =sys-fs/2.02.73-r1 ? 

Thank you.

Comment 18 Brent Baude (RETIRED) 2010-11-25 15:31:35 UTC

ppc64 done

Comment 19 Tim Sammut (RETIRED) 2010-11-25 15:35:12 UTC

GLSA request filed.

Comment 20 Robin Johnson 2011-09-13 06:41:25 UTC

security:
what is the status of this?

Comment 21 Tim Sammut (RETIRED) 2011-09-13 15:42:33 UTC

@ppc, looks like we missed this somehow. Please stabilize =sys-fs/lvm2-2.02.73-r1. Thank you.


(In reply to comment #20)
> security:
> what is the status of this?

Robin, are you referring to the missed ppc stabilization, or something else?

Comment 22 Kacper Kowalik (Xarthisius) (RETIRED) 2011-09-22 11:33:06 UTC

ppc stable, last arch done

Comment 23 Tim Sammut (RETIRED) 2011-09-22 14:18:35 UTC

Thanks again, folks. Reverting to [glsa].

Comment 24 Robin Johnson 2012-03-27 02:37:57 UTC

security:
this has been pending a GLSA for many months now?

Comment 25 GLSAMaker/CVETool Bot 2014-12-12 00:35:58 UTC

This issue was resolved and addressed in
 GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).