[SECURITY] Fedora 14 Update: lvm2-2.02.73-1.fc14

updates at fedoraproject.org updates at fedoraproject.org
Thu Sep 2 03:57:01 UTC 2010

Fedora Update Notification
2010-08-20 18:38:16

Name        : lvm2
Product     : Fedora 14
Version     : 2.02.73
Release     : 1.fc14
URL         : http://sources.redhat.com/lvm2
Summary     : Userland logical volume management tools
Description :
LVM2 includes all of the support for handling read/write operations on
physical volumes (hard disks, RAID-Systems, magneto optical, etc.,
multiple devices (MD), see mdadd(8) or even loop devices, see
losetup(8)), creating volume groups (kind of virtual disks) from one
or more physical volumes and creating one or more logical volumes
(kind of logical partitions) in volume groups.

Update Information:

This update fixes some minor problems as listed in the changelog.    To improve
performance, Logical Volumes will be aligned at 1MB boundaries by default now on
any newly-created Physical Volumes that don't report a preferred alignment to
the O/S. This update addresses a security problem when using the clustered LVM
daemon clvmd from the package lvm2-cluster on systems where you have non-root
users.    The lvm2 package on its own is not vulnerable to this problem but if
you are using lvm2-cluster you must update both together.    Further details are
given in the Red Hat Bugzilla:      https://bugzilla.redhat.com/CVE-2010-2526
After updating the packages, make sure that clvmd restarted itself.    This
update also includes several other important bug fixes - see the detailed

  [ 1 ] Bug #614248 - CVE-2010-2526 lvm2-cluster: insecurity when communicating between lvm2 and clvmd

This update can be installed with the "yum" update program.  Use 
su -c 'yum update lvm2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list