Message-Id: <20060815075646.AA944FDE9@finlandia.home.infodrom.org>
Date: Tue, 15 Aug 2006 09:56:46 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: debian-security-announce@...ts.debian.org (Debian Security Announcements)
Cc:
Subject: [SECURITY] [DSA 1151-1] New heartbeat packages fix denial of service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1151-1                    security@...ian.org
http://www.debian.org/security/                             Martin Schulze
August 15th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : out-of-bounds read
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3121

Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the
subsystem for High-Availability Linux.  This could be used by a remote
attacker to cause a denial of service.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.3-9sarge6.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.4-14 and heartbeat-2 2.0.6-2.

We recommend that you upgrade your heartbeat packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE4X4+W5ql+IAeqTIRAmYnAJ9HrFOA7q8pCgTroWAuoivKlZgYnQCff9oO
kLf7CMca+mjUGijgffldSMY=
=N1Q7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/