DSA-2095-1 lvm2 -- insecure communication protocolID: oval:org.secpod.oval:def:600012 | Date: (C)2011-01-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Alasdair Kergon discovered that the cluster logical volume manager daemon in lvm2, The Linux Logical Volume Manager, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service. For the stable distribution , this problem has been fixed in version 2.02.39-8 For the testing distribution , and the unstable distribution , this problem has been fixed in version 2.02.66-3 We recommend that you upgrade your lvm2 package.