Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2006.0521 -- [Debian] New heartbeat packages fix local denial of service 31 July 2006 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: heartbeat Publisher: Debian Operating System: Debian GNU/Linux 3.1 Linux variants Impact: Denial of Service Access: Existing Account CVE Names: CVE-2006-3815 Original Bulletin: http://www.debian.org/security/2006/dsa-1128 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - -------------------------------------------------------------------------- Debian Security Advisory DSA 1128-1 security@debian.org http://www.debian.org/security/ Martin Schulze July 28th, 2006 http://www.debian.org/security/faq - - -------------------------------------------------------------------------- Package : heartbeat Vulnerability : permission error Problem type : local Debian-specific: no CVE ID : CVE-2006-3815 Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux could be exploited by a local attacker to cause a denial of service. For the stable distribution (sarge) this problem has been fixed in version 1.2.3-9sarge5. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your heartbeat packages. Upgrade Instructions - - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.dsc Size/MD5 checksum: 881 e2316605a229d2010d73f5a6010cd6aa http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.diff.gz Size/MD5 checksum: 272592 192d3f12c3760f390f1e6c8a3dba468b http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz Size/MD5 checksum: 1772513 9fd126e5dff51cc8c1eee223c252a4af Architecture independent components: http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge5_all.deb Size/MD5 checksum: 45524 7d2337e5b9688348a3138eba7e59e205 Alpha architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 574460 9847e433ad0571780e0cc5e816b47e2a http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 150810 01833ce04b35dda6c00378f4f562c0a1 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 71086 d4215fb2936d0fb00c7795bb3b15f3f2 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 54118 3728d492248c4466325307599e7dff4d http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 31278 94d4e6361b439de7c31c24e437db32c5 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 94306 8db0b3e8359f591d41fb9e93f45c79d1 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_alpha.deb Size/MD5 checksum: 31736 a7dc62066661195edf8fb02149bc4082 AMD64 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 531406 8ed054c572a31b95cb0244bdb52d8a9e http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 126298 1cba6c5a3e1f30454774f25a0c64ad1b http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 61920 8db8ad7a24c1d1d61c2f0f7394022e28 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 52610 31bc190e7467287595e869c3f18bf52b http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 30124 09089f6d255cbde687038b769d2fecce http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 89148 6311c04b2d921525936174618470903e http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_amd64.deb Size/MD5 checksum: 31160 14cda7586145fa6f96a233c355f88f69 ARM architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 498476 4369ea208be3d589ec2e316685620986 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 123784 dccd3509cc873ce72485570228d2a6d9 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 63378 94641c17b4e3fed4824d899474c6e3ed http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 49238 979725f820f3325ee692ed145867b5ad http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 30018 8938e174a8c2c3dc06c6862140c72e5a http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 77600 88ecf9e470daf707df6e894c3d1b79ad http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_arm.deb Size/MD5 checksum: 30442 2666a892d264498661431a05dc823f7d Intel IA-32 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 493780 6eaa72e123ef20320d2b383b6ed2c722 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 117784 f4626f8e9352fdc9b1336a573698a845 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 59098 fdb08a2d7a22ca675b6403ae3b7d1329 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 48276 f3e32c9b71a4c53e2daf3fc5266e1324 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 29750 e43b664896db04159a225dab1be04165 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 79358 af9540fe562a354a661096f9b4f30e89 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_i386.deb Size/MD5 checksum: 30594 a1eaa1216c6ea8084c84d9871ad5f804 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 648316 384b63cb0ce2fb36ec41845d70f4376d http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 152850 40244f1af6fe85a4266b43c6ab84f33d http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 74340 e16ddc3837a2642b4f55828ed382a50e http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 62588 3915b611f0bb05283bab465752970664 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 31410 f8c770b349aee38eb0fe6a1a3a1b508d http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 104774 beea35899d07dc042d07e7f06d3281c4 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_ia64.deb Size/MD5 checksum: 32668 6a1bcf82b90ba71697d8ee46d1353cf1 HP Precision architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 550630 3c9f7a2a70304891e40fefac094c43de http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 136092 96ac45ef564317a48f091b5c41418dae http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 68394 6146733cb8716e17c134f7d2364fbb0e http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 55760 21ada52d116ff08c35bc922d581b411a http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 30522 076ef9300f2b4fe6f8455560b45ad6aa http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 92992 dd2867a5ec53891bb1ac614d2f602ba1 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_hppa.deb Size/MD5 checksum: 31604 c4442dc502285bc3885be02eca1642a2 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 480728 cd80ece0f8ab57b5a1a749562f6712aa http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 113722 341f1d6845b7fe927b59ca6aa556434c http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 56702 1d41a8bf1a1eafff34cb1b3e6fd1c62d http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 48494 a0116b63431904bb0b52f603c2561b40 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 29650 5e38602c4a8dd757d5211faa1a394cef http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 82124 86c2ea4de5365d2a68c7552136f8cf85 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_m68k.deb Size/MD5 checksum: 30438 2ea96995e6ad25b4642e863ca9dbb72a Big endian MIPS architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 536454 a87ed4e47692e431c08799c49306374f http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 132758 fe96f80213beced3e727f4480a88160f http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 65676 d0621bcf15a88452f2a0a52b0c62a103 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 48544 2b988b58949a9bc0f4bae57ead80d2c7 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 30350 a8ee448b80728ef7b367f8cfa8737fe1 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 80816 7cd8f0f8d0f5edb34156598d94711170 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mips.deb Size/MD5 checksum: 32822 4a138abded7028692b82cfa946b117cb Little endian MIPS architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 537002 8598c58f2402ad8825bf8f3df4c151a7 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 132912 34e457d7ef19866d3db2bb2fc59ce1fb http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 65460 3ce0d1a87ab3beb0f7c48d34a11cd2c3 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 48772 c642145166fa191c187c7ae6f25e279b http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 30392 de240c2b6810179ada953f654d52d175 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 80754 aac5c4e257902dd4fc7dbf433981ee49 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mipsel.deb Size/MD5 checksum: 32808 b24f0832f4ebb7b5b1cfc6d9ab446c99 PowerPC architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 556148 302f0b74bdd56165b94b01a9bb90a42d http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 127788 9b47664201dd587adcf9bf77f731a8a3 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 61998 7c756384c43d1eaca20e620e6f1a4094 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 53702 d2346f5245b0582c62682e5c9cf15bac http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 30254 f71d058dae3548339e8ee6c6fbfeee02 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 98912 ad975e3342e9c7307db563fa934ed4d5 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_powerpc.deb Size/MD5 checksum: 33424 fcab2de5e474005a2d45845aa9fe05a1 IBM S/390 architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 530550 190c0f55b3e2382cfd62bdfe1d70401f http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 126878 1aeb5190ee76ab5d23b947f02ebbdf94 http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 62596 3ed233dec951d3c8f5a9e2a82451f97e http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 53062 d736264ebc8ccc0377a03bb6b8657ee2 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 30124 86c4a1c40b11a78128d780a6449343c9 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 85028 6fa09db025548cb563a9def7956b24bc http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_s390.deb Size/MD5 checksum: 31096 8f7aa5931d770cca199f0ecd367cf208 Sun Sparc architecture: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 501034 943e6749e409d159828c23844d24b572 http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 121342 ddde9f790ac4fb7c85c4b637d6b0fcfb http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 63140 81e1bca4e8d3658045703b6270fc1c46 http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 50226 009a9ab68cb128442d4ac63f63be401c http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 29988 99b51b32a1202fdb842ffefecfa2df24 http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 81390 fda21b3d7591335fe5feb3c19dd1f040 http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_sparc.deb Size/MD5 checksum: 30528 0f3d32f0738ade94a602d6402fef0f92 These files will probably be moved into the stable distribution on its next update. - - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEybbNW5ql+IAeqTIRAqTYAJ0aY9C6J+zO1ysJkieABSwVX1G5ZQCgnDUN 59OUd52w+83hAziPtvHSGtU= =INv7 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 If you believe that your computer system has been compromised or attacked in any way, we encourage you to let us know by completing the secure National IT Incident Reporting Form at: http://www.auscert.org.au/render.html?it=3192 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQCVAwUBRM2psCh9+71yA2DNAQLxuAP/a2UaqdbdETDTFD21bKctP3AcN10YiQn0 XqSD2BOA4bkIocuaa/c4QEKP76b2jc/nURMjwSxmO1ha5Onoz2+u/MjG+iwQV1c5 hSLNjVInN9dWCq9bqbTfxAy9yO2TULKSvAFOSqDO696OH8hPM23OLAQ2aU8ekwdY 74MhFOSPs48= =atin -----END PGP SIGNATURE-----