Bug 152842
Summary: | CAN-2004-0972 LVM "lvmcreate_initrd" Script Insecure Temporary File Creation | ||
---|---|---|---|
Product: | [Retired] Fedora Legacy | Reporter: | David Lawrence <dkl> |
Component: | lvm | Assignee: | Fedora Legacy Bugs <bugs> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | pekkas |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/13083/ | ||
Whiteboard: | 1, LEGACY, rh73, rh90 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-07-24 14:54:30 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
David Lawrence
2005-03-30 23:29:22 UTC
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 QA w/ rpm-build-compare.sh: - source integrity good - spec file changes minimal - patches verified to come from RHL bugzilla, and look OK +PUBLISH RHL73,RHL9,FC1 8225c52f86a7ef93bd1b0526de6f77e387986efd lvm-1.0.3-12.1.legacy.src.rpm 8df365a8f369ac9c4ef86f22a21ae17d63d58e51 lvm-1.0.3-13.1.legacy.src.rpm 85779c6ecce079fffd3ff98abfc73a697596849e lvm-1.0.3-4.1.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFCYTjcGHbTkzxSL7QRAmkjAKDNwksgq6tja7STZOP0E7uRZV5OdwCfbguj qC19K7SUrtonD583z6jgSII= =RJKs -----END PGP SIGNATURE----- Packages were pushed to updates-testing -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 3f66e70eef52374a49d9ab4dc87ec1ada14dec32 lvm-1.0.3-12.1.legacy.i386.rpm installs OK. this is a tricky one, as although i have it installed, it's only because mkinitrd requires it. i don't use it. so i can't give a wholehearted +VERIFY, for which i apologise. but it does install OK, and the system hasn't died horribly, so you might wish to use this as a second verify if another, real, RH9 verify comes along. someone let me know if this is a completely-useless report, and i won't make any more such. +VERIFISH RH9 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFCe9y9ePtvKV31zw4RAkT5AKCjJ0O0V1PhvbUTbfHKsz/M0BM9cgCgmYg6 8ks8HRAlNMf83r9+RHZshic= =N2re -----END PGP SIGNATURE----- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ++VERIFY for RHL 9 Packages: lvm-1.0.3-12.1.legacy.i386.rpm SHA1 checksums all match test update advisory. Signatures verify okay. I installed the update on a RHL 9 machine which uses LVM for all filesystems except the root file system. This machine is used daily by me for hours per day. Had no installation problems. All worked as expected. Saw no obvious problems or issues after a few days of use (normal use, reboot, mkinitrd, reboot, backups via amanda+dump, etc). Did not verify vulnerability was fixed, just that the package works and doesn't cause problems for me. Vote for release for RHL 9. ++VERIFY -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCxbnm4jZRbknHoPIRAjVPAKCfpfzwtcxdMrgjQe5RTOgICCHAwQCgmUnB F3LdTWRq7AwZVr7343b5gpc= =MB3e -----END PGP SIGNATURE----- Verifish + verify, I'll interpret this as two verifies :) Timeout over. These have been officially released. |