Fedora 14 : lvm2-2.02.73-1.fc14 (2010-13239)

Medium Nessus Plugin ID 49074


The remote Fedora host is missing a security update.


This update fixes some minor problems as listed in the changelog. To improve performance, Logical Volumes will be aligned at 1MB boundaries by default now on any newly-created Physical Volumes that don't report a preferred alignment to the O/S. This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details are given in the Red Hat Bugzilla:
https://bugzilla.redhat.com/CVE-2010-2526 After updating the packages, make sure that clvmd restarted itself. This update also includes several other important bug fixes - see the detailed changelog.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.


Update the affected lvm2 package.

See Also




Plugin Details

Severity: Medium

ID: 49074

File Name: fedora_2010-13239.nasl

Version: $Revision: 1.9 $

Type: local

Agent: unix

Published: 2010/09/02

Modified: 2015/10/20

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.6

Temporal Score: 4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:lvm2, cpe:/o:fedoraproject:fedora:14

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/08/20

Reference Information

CVE: CVE-2010-2526

BID: 42033

FEDORA: 2010-13239