Updated dump packages that address two security issues are now available
for CentOS Linux 2.1.
This update has been rated as having low security impact by the CentOS
Security Response Team.
Dump examines files in a file system, determines which ones need to be
backed up, and copies those files to a specified disk, tape, or other
A flaw was found with dump file locking. A malicious local user could
manipulate the file lock in such a way as to prevent dump from running.
The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2002-1914 to this issue.
Users of dump should upgrade to these erratum packages, which contain a
patch to resolve this issue.