USN-15-1: lvm10 vulnerability
Posted on: 11/01/2004 07:14 PM

A lvm10 security update has been released for Ubuntu Linux 4.10

Ubuntu Security Notice USN-15-1 November 01, 2004
lvm10 vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:


The problem can be corrected by upgrading the affected package to version 1:1.0.8-4ubuntu1.1. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program
"lvmcreate_initrd" created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

Source archives:
Size/MD5: 27099 b87fc84fed491516e4e2057bc0652719
Size/MD5: 592 4d5e013f2fd7cbcc1c6bc5ff7366dc0a
Size/MD5: 373482 f8520b9e100970ff13328fd08eb64dcd

amd64 architecture (Athlon64, Opteron, EM64T Xeon)
Size/MD5: 148450 8816c86456067aeb7d9699e0b74622d7
Size/MD5: 2815002 12220b8d61f7337719319e0ba95dcb43

i386 architecture (x86 compatible Intel/AMD)
Size/MD5: 136026 e617dc5e7c0438b49d687555f8637cd0
Size/MD5: 2577444 163b80ba243d00485dd81eacd21f871f

powerpc architecture (Apple Macintosh G3/G4/G5)
Size/MD5: 166150 49d715de0b5e02f4b417941dba02f8a8
Size/MD5: 3290288 996737daaba53de763ae8138daf13f1b

Printed from Linux Compatible (