lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20060728070342.5B813FDE7@finlandia.home.infodrom.org> Date: Fri, 28 Jul 2006 09:03:42 +0200 (CEST) From: joey@...odrom.org (Martin Schulze) To: debian-security-announce@...ts.debian.org (Debian Security Announcements) Cc: Subject: [SECURITY] [DSA 1128-1] New heartbeat packages fix local denial of service -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1128-1 security@...ian.org http://www.debian.org/security/ Martin Schulze July 28th, 2006 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : heartbeat Vulnerability : permission error Problem type : local Debian-specific: no CVE ID : CVE-2006-3815 Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux could be exploited by a local attacker to cause a denial of service. For the stable distribution (sarge) this problem has been fixed in version 1.2.3-9sarge5. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your heartbeat packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.dsc Size/MD5 checksum: 881 e2316605a229d2010d73f5a6010cd6aa http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.diff.gz Size/MD5 checksum: 272592 192d3f12c3760f390f1e6c8a3dba468b http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz Size/MD5 checksum: 1772513 9fd126e5dff51cc8c1eee223c252a4af Architecture independent components: http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge5_all.deb Size/MD5 checksum: 45524 7d2337e5b9688348a3138eba7e59e205 Alpha architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 574460 9847e433ad0571780e0cc5e816b47e2a http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 150810 01833ce04b35dda6c00378f4f562c0a1 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 71086 d4215fb2936d0fb00c7795bb3b15f3f2 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 54118 3728d492248c4466325307599e7dff4d http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 31278 94d4e6361b439de7c31c24e437db32c5 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 94306 8db0b3e8359f591d41fb9e93f45c79d1 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 31736 a7dc62066661195edf8fb02149bc4082 AMD64 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 531406 8ed054c572a31b95cb0244bdb52d8a9e http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 126298 1cba6c5a3e1f30454774f25a0c64ad1b http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 61920 8db8ad7a24c1d1d61c2f0f7394022e28 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 52610 31bc190e7467287595e869c3f18bf52b http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 30124 09089f6d255cbde687038b769d2fecce http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 89148 6311c04b2d921525936174618470903e http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 31160 14cda7586145fa6f96a233c355f88f69 ARM architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 498476 4369ea208be3d589ec2e316685620986 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 123784 dccd3509cc873ce72485570228d2a6d9 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 63378 94641c17b4e3fed4824d899474c6e3ed http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 49238 979725f820f3325ee692ed145867b5ad http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 30018 8938e174a8c2c3dc06c6862140c72e5a http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 77600 88ecf9e470daf707df6e894c3d1b79ad http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 30442 2666a892d264498661431a05dc823f7d Intel IA-32 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 493780 6eaa72e123ef20320d2b383b6ed2c722 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 117784 f4626f8e9352fdc9b1336a573698a845 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 59098 fdb08a2d7a22ca675b6403ae3b7d1329 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 48276 f3e32c9b71a4c53e2daf3fc5266e1324 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 29750 e43b664896db04159a225dab1be04165 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 79358 af9540fe562a354a661096f9b4f30e89 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 30594 a1eaa1216c6ea8084c84d9871ad5f804 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 648316 384b63cb0ce2fb36ec41845d70f4376d http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 152850 40244f1af6fe85a4266b43c6ab84f33d http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 74340 e16ddc3837a2642b4f55828ed382a50e http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 62588 3915b611f0bb05283bab465752970664 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 31410 f8c770b349aee38eb0fe6a1a3a1b508d http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 104774 beea35899d07dc042d07e7f06d3281c4 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 32668 6a1bcf82b90ba71697d8ee46d1353cf1 HP Precision architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 550630 3c9f7a2a70304891e40fefac094c43de http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 136092 96ac45ef564317a48f091b5c41418dae http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 68394 6146733cb8716e17c134f7d2364fbb0e http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 55760 21ada52d116ff08c35bc922d581b411a http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 30522 076ef9300f2b4fe6f8455560b45ad6aa http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 92992 dd2867a5ec53891bb1ac614d2f602ba1 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 31604 c4442dc502285bc3885be02eca1642a2 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 480728 cd80ece0f8ab57b5a1a749562f6712aa http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 113722 341f1d6845b7fe927b59ca6aa556434c http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 56702 1d41a8bf1a1eafff34cb1b3e6fd1c62d http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 48494 a0116b63431904bb0b52f603c2561b40 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 29650 5e38602c4a8dd757d5211faa1a394cef http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 82124 86c2ea4de5365d2a68c7552136f8cf85 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 30438 2ea96995e6ad25b4642e863ca9dbb72a Big endian MIPS architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 536454 a87ed4e47692e431c08799c49306374f http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 132758 fe96f80213beced3e727f4480a88160f http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 65676 d0621bcf15a88452f2a0a52b0c62a103 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 48544 2b988b58949a9bc0f4bae57ead80d2c7 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 30350 a8ee448b80728ef7b367f8cfa8737fe1 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 80816 7cd8f0f8d0f5edb34156598d94711170 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 32822 4a138abded7028692b82cfa946b117cb Little endian MIPS architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 537002 8598c58f2402ad8825bf8f3df4c151a7 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 132912 34e457d7ef19866d3db2bb2fc59ce1fb http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 65460 3ce0d1a87ab3beb0f7c48d34a11cd2c3 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 48772 c642145166fa191c187c7ae6f25e279b http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 30392 de240c2b6810179ada953f654d52d175 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 80754 aac5c4e257902dd4fc7dbf433981ee49 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 32808 b24f0832f4ebb7b5b1cfc6d9ab446c99 PowerPC architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 556148 302f0b74bdd56165b94b01a9bb90a42d http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 127788 9b47664201dd587adcf9bf77f731a8a3 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 61998 7c756384c43d1eaca20e620e6f1a4094 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 53702 d2346f5245b0582c62682e5c9cf15bac http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 30254 f71d058dae3548339e8ee6c6fbfeee02 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 98912 ad975e3342e9c7307db563fa934ed4d5 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 33424 fcab2de5e474005a2d45845aa9fe05a1 IBM S/390 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 530550 190c0f55b3e2382cfd62bdfe1d70401f http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 126878 1aeb5190ee76ab5d23b947f02ebbdf94 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 62596 3ed233dec951d3c8f5a9e2a82451f97e http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 53062 d736264ebc8ccc0377a03bb6b8657ee2 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 30124 86c4a1c40b11a78128d780a6449343c9 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 85028 6fa09db025548cb563a9def7956b24bc http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 31096 8f7aa5931d770cca199f0ecd367cf208 Sun Sparc architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 501034 943e6749e409d159828c23844d24b572 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 121342 ddde9f790ac4fb7c85c4b637d6b0fcfb http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 63140 81e1bca4e8d3658045703b6270fc1c46 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 50226 009a9ab68cb128442d4ac63f63be401c http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 29988 99b51b32a1202fdb842ffefecfa2df24 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 81390 fda21b3d7591335fe5feb3c19dd1f040 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 30528 0f3d32f0738ade94a602d6402fef0f92 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEybbNW5ql+IAeqTIRAqTYAJ0aY9C6J+zO1ysJkieABSwVX1G5ZQCgnDUN 59OUd52w+83hAziPtvHSGtU= =INv7 -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/