LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New heartbeat packages fix denial of service Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Updated package.
- --------------------------------------------------------------------------
Debian Security Advisory DSA 1151-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 15th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : out-of-bounds read
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3121

Yan Rong Ge discovered out-of-boundary memory access in heartbeat, the
subsystem for High-Availability Linux.  This could be used by a remote
attacker to cause a denial of service.

For the stable distribution (sarge) this problem has been fixed in
version 1.2.3-9sarge6.

For the unstable distribution (sid) this problem has been fixed in
version 1.2.4-14 and heartbeat-2 2.0.6-2.

We recommend that you upgrade your heartbeat packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6.dsc
      Size/MD5 checksum:      881 d083828302c007e3f48d23c00b971c4a
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6.diff.gz
      Size/MD5 checksum:   272913 34f413808e51132452d097a4439c427b
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
      Size/MD5 checksum:  1772513 9fd126e5dff51cc8c1eee223c252a4af

  Architecture independent components:

    http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge6_all.deb
      Size/MD5 checksum:    45592 c3a399270f0058e117a45d0de5a8a4d8

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:   574520 d195b85287c1fb7da669425b7b39257e
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:   150886 f9bf2b4ad7dfb76ec7a4596beb5d1469
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:    71162 96345eb81faf3fe5bd4277052be2c0f0
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:    54188 9e2c557050aa18440b4913ec34906aba
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:    31346 377df9bb5df6f3cacb74b7c1671b7be2
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:    94380 9d03b1b411072b410327045060c7a56b
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_alpha.deb
      Size/MD5 checksum:    31808 4bfb4c6237b41a03e795258702b35825

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:   531482 fd87fc8f357157fa31e62b5fb008dbb8
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:   126342 90642418d9d22026f49bc093998c0485
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:    61970 f4105bf377ade8b92964608cd5dfefe8
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:    52664 8af92202a899dc12877dbfa293166e4b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:    30182 f1f0b78a04840285cef5cbe17e05fef7
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:    89204 310ae86ee33e1073374fb4793414e42f
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_amd64.deb
      Size/MD5 checksum:    31214 d9de528bb5eed624ffe662293998adaa

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:   498570 736f6ac4023d1305cd425873ef3ca883
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:   123844 4ba7d987dc59211a092e43ab46f17852
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:    63450 4770eeb7b8625657279740741adf20c3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:    49306 eb6b5496908099e80445552bde0f979c
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:    30076 f289bfe886db5e5ea1ad741aa450e0ee
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:    77666 5536846297be58cece4c573b19e54641
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_arm.deb
      Size/MD5 checksum:    30502 c643322be02c29b587c5ad58f7fa2a58

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:   493820 a9fa59fd95800b1b3cba55fc496af823
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:   117884 7dc7c013ac2ef041cfc427a5765fe581
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:    59166 27f8e46499ec8714e084980592c05073
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:    48344 a735cc6d2e9ec8285551f2acc5c14e33
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:    29822 e937918722380aafd408b7ef18f95089
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:    79418 ec35f3a3adb54b898419f5a26226c94f
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_i386.deb
      Size/MD5 checksum:    30664 993f4504ea2f4586b237d70242f36de9

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:   648352 2a4f6375e4149d6006de43a34f7adfe7
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:   152936 f29e6683b8736c743f0d4a08f1951b47
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:    74414 037149137986bd16ceeb33c7b5f0f60b
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:    62668 cd7e4868ff73730cf9487cf2292ed27e
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:    31476 6b6a8a08f8af10b6b2d42efb5c146c52
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:   104846 cb1c38107bc784f3ab4c652473edf077
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_ia64.deb
      Size/MD5 checksum:    32728 f66c4a631e28f00879a2d60e11e6f7f3

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:   550676 067f08c90c1111ae0cbbec080f909512
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:   136172 d7da401f120cdb124d2e681849083f9e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:    68464 ae4adbbf6202f4588f10704dba795dc5
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:    55824 2bcaf92a27603cdeb992c0d6bf71356b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:    30588 864b8953d61caa9cb6ffbb696cc927a5
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:    93064 a7fbaa226bd1252b069332938a88947a
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_hppa.deb
      Size/MD5 checksum:    31668 d061190a34802c9d2a7ea3c9f1d88498

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:   480790 840769425f55c6cdd97507b3bfb6f142
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:   113788 9f1e8590fa5de4a876e3897a7d32155f
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:    56760 78749698fa2aff0880049b3cbfdee08c
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:    48550 45e314c58b86fc6ccf4e628d7377ef83
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:    29718 f5d66cb3b2a122eef39f0f3fbd414403
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:    82178 83e95fed1f013ddf358156de838e8bad
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_m68k.deb
      Size/MD5 checksum:    30494 6a7a6905a2335422ae31dfcf4d879379

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:   536554 3377cffae67bab58654d92d080ea1697
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:   132814 757e3712c557b447565fb9cc6a205eab
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:    65738 fc92cf20294b757c4d2cfc0a344b5902
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:    48604 24052fc62dd7aff3924c5a85f6ef1b15
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:    30410 ef396d9f75cffd648a713b1a3c362812
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:    80896 77752bc698895f18a0e429744a633eb4
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_mips.deb
      Size/MD5 checksum:    32884 f468efecd8ff46d4a90b83cd4894fcfd

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:   537074 4df7e373140e290919a7004dc3790d9c
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:   132952 3865ec5c0071bd7f6ce401add6b959dd
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:    65512 7083e53ffe0d9a3cb78213633c2af1f8
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:    48828 11a5cce8684fcc8149eda6eaf9620803
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:    30446 0fb61518677f26b3c2878d0714790d9c
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:    80810 c2398611934c12275098f09694e5ac9f
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_mipsel.deb
      Size/MD5 checksum:    32870 32cc6fce3014529096411756b4d57945

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:   556184 5891968d5eba4ea2f9a476909250821b
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:   127844 ba8968c6108b491eef2e044a1d56d2a1
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:    62070 82a343e85907f67ab852fd15cd3d75a6
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:    53762 218b913d3ed1ec934bfc31fefb516fba
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:    30322 00be4caa2fb72c2637f0e282e5aa24ea
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:    98990 eab1bda109b6ed16d6c7c2eb25befe8a
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_powerpc.deb
      Size/MD5 checksum:    33488 abed7e73d85b30cb5979e9ea110a2ba2

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:   530588 d0aac8ee9b90ebc7bea535d5ff9ae783
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:   126948 33afc772ebcb54f29445be2d09e46f2a
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:    62658 d4d7b32388054c0d196f4886eaa88c36
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:    53116 c049b56da5442a203b031004fa5e9b91
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:    30202 1d809e534f02fb026266ef8abbe437f4
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:    85100 d2a18af5ce9e92fbc2e924d54770b99a
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_s390.deb
      Size/MD5 checksum:    31156 9bc1139f0dee68e3e258e01e26cfdd6a

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:   501106 292fbdbaa991897731c6c0fbdd37562d
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:   121414 69a8f299f2ee1e7110a5ccdfdbf2a028
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:    63206 51dcb360568d37a8fcfc0d8f97a5230b
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:    50292 b22dbb2ddb648c648d41d8fd094fc3d3
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:    30050 03839874b8c50ad7ff58b58bcbdbad06
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:    81448 44b58ff3dae2fabd018cd89864219250
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge6_sparc.deb
      Size/MD5 checksum:    30592 f6c6d3008225e0266a8e0974c03043e9


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.