lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20060728070342.5B813FDE7@finlandia.home.infodrom.org>
Date: Fri, 28 Jul 2006 09:03:42 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Cc: 
Subject: [SECURITY] [DSA 1128-1] New heartbeat packages
	fix local denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1128-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
July 28th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : permission error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-3815

Yan Rong Ge discovered that wrong permissions on a shared memory page
in heartbeat, the subsystem for High-Availability Linux could be
exploited by a local attacker to cause a denial of service.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.3-9sarge5.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your heartbeat packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.dsc
      Size/MD5 checksum:      881 e2316605a229d2010d73f5a6010cd6aa
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.diff.gz
      Size/MD5 checksum:   272592 192d3f12c3760f390f1e6c8a3dba468b
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
      Size/MD5 checksum:  1772513 9fd126e5dff51cc8c1eee223c252a4af

  Architecture independent components:

    http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge5_all.deb
      Size/MD5 checksum:    45524 7d2337e5b9688348a3138eba7e59e205

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:   574460 9847e433ad0571780e0cc5e816b47e2a
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:   150810 01833ce04b35dda6c00378f4f562c0a1
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:    71086 d4215fb2936d0fb00c7795bb3b15f3f2
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:    54118 3728d492248c4466325307599e7dff4d
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:    31278 94d4e6361b439de7c31c24e437db32c5
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:    94306 8db0b3e8359f591d41fb9e93f45c79d1
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum:    31736 a7dc62066661195edf8fb02149bc4082

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:   531406 8ed054c572a31b95cb0244bdb52d8a9e
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:   126298 1cba6c5a3e1f30454774f25a0c64ad1b
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:    61920 8db8ad7a24c1d1d61c2f0f7394022e28
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:    52610 31bc190e7467287595e869c3f18bf52b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:    30124 09089f6d255cbde687038b769d2fecce
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:    89148 6311c04b2d921525936174618470903e
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum:    31160 14cda7586145fa6f96a233c355f88f69

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:   498476 4369ea208be3d589ec2e316685620986
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:   123784 dccd3509cc873ce72485570228d2a6d9
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:    63378 94641c17b4e3fed4824d899474c6e3ed
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:    49238 979725f820f3325ee692ed145867b5ad
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:    30018 8938e174a8c2c3dc06c6862140c72e5a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:    77600 88ecf9e470daf707df6e894c3d1b79ad
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum:    30442 2666a892d264498661431a05dc823f7d

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:   493780 6eaa72e123ef20320d2b383b6ed2c722
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:   117784 f4626f8e9352fdc9b1336a573698a845
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:    59098 fdb08a2d7a22ca675b6403ae3b7d1329
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:    48276 f3e32c9b71a4c53e2daf3fc5266e1324
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:    29750 e43b664896db04159a225dab1be04165
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:    79358 af9540fe562a354a661096f9b4f30e89
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum:    30594 a1eaa1216c6ea8084c84d9871ad5f804

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:   648316 384b63cb0ce2fb36ec41845d70f4376d
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:   152850 40244f1af6fe85a4266b43c6ab84f33d
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:    74340 e16ddc3837a2642b4f55828ed382a50e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:    62588 3915b611f0bb05283bab465752970664
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:    31410 f8c770b349aee38eb0fe6a1a3a1b508d
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:   104774 beea35899d07dc042d07e7f06d3281c4
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum:    32668 6a1bcf82b90ba71697d8ee46d1353cf1

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:   550630 3c9f7a2a70304891e40fefac094c43de
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:   136092 96ac45ef564317a48f091b5c41418dae
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:    68394 6146733cb8716e17c134f7d2364fbb0e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:    55760 21ada52d116ff08c35bc922d581b411a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:    30522 076ef9300f2b4fe6f8455560b45ad6aa
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:    92992 dd2867a5ec53891bb1ac614d2f602ba1
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum:    31604 c4442dc502285bc3885be02eca1642a2

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:   480728 cd80ece0f8ab57b5a1a749562f6712aa
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:   113722 341f1d6845b7fe927b59ca6aa556434c
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:    56702 1d41a8bf1a1eafff34cb1b3e6fd1c62d
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:    48494 a0116b63431904bb0b52f603c2561b40
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:    29650 5e38602c4a8dd757d5211faa1a394cef
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:    82124 86c2ea4de5365d2a68c7552136f8cf85
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum:    30438 2ea96995e6ad25b4642e863ca9dbb72a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:   536454 a87ed4e47692e431c08799c49306374f
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:   132758 fe96f80213beced3e727f4480a88160f
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:    65676 d0621bcf15a88452f2a0a52b0c62a103
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:    48544 2b988b58949a9bc0f4bae57ead80d2c7
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:    30350 a8ee448b80728ef7b367f8cfa8737fe1
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:    80816 7cd8f0f8d0f5edb34156598d94711170
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum:    32822 4a138abded7028692b82cfa946b117cb

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:   537002 8598c58f2402ad8825bf8f3df4c151a7
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:   132912 34e457d7ef19866d3db2bb2fc59ce1fb
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:    65460 3ce0d1a87ab3beb0f7c48d34a11cd2c3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:    48772 c642145166fa191c187c7ae6f25e279b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:    30392 de240c2b6810179ada953f654d52d175
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:    80754 aac5c4e257902dd4fc7dbf433981ee49
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum:    32808 b24f0832f4ebb7b5b1cfc6d9ab446c99

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:   556148 302f0b74bdd56165b94b01a9bb90a42d
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:   127788 9b47664201dd587adcf9bf77f731a8a3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:    61998 7c756384c43d1eaca20e620e6f1a4094
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:    53702 d2346f5245b0582c62682e5c9cf15bac
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:    30254 f71d058dae3548339e8ee6c6fbfeee02
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:    98912 ad975e3342e9c7307db563fa934ed4d5
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum:    33424 fcab2de5e474005a2d45845aa9fe05a1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:   530550 190c0f55b3e2382cfd62bdfe1d70401f
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:   126878 1aeb5190ee76ab5d23b947f02ebbdf94
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:    62596 3ed233dec951d3c8f5a9e2a82451f97e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:    53062 d736264ebc8ccc0377a03bb6b8657ee2
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:    30124 86c4a1c40b11a78128d780a6449343c9
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:    85028 6fa09db025548cb563a9def7956b24bc
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum:    31096 8f7aa5931d770cca199f0ecd367cf208

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:   501034 943e6749e409d159828c23844d24b572
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:   121342 ddde9f790ac4fb7c85c4b637d6b0fcfb
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:    63140 81e1bca4e8d3658045703b6270fc1c46
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:    50226 009a9ab68cb128442d4ac63f63be401c
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:    29988 99b51b32a1202fdb842ffefecfa2df24
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:    81390 fda21b3d7591335fe5feb3c19dd1f040
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum:    30528 0f3d32f0738ade94a602d6402fef0f92


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEybbNW5ql+IAeqTIRAqTYAJ0aY9C6J+zO1ysJkieABSwVX1G5ZQCgnDUN
59OUd52w+83hAziPtvHSGtU=
=INv7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ