Login
Newsletter
Werbung
Sicherheit: Unsichere Verwendung temporärer Dateien in heartbeat
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in heartbeat
ID: USN-165-1
Distribution: Ubuntu
Plattformen: Ubuntu 4.10, Ubuntu 5.04
Datum: Fr, 12. August 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2231
Applikationen: Linux-HA

Originalnachricht

 
--===============0775207302=	protocol="application/pgp-signature";
 boundary="AqsLC8rIMeq19msA"
Content-Disposition: inline


--AqsLC8rIMeq19msA
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-165-1	    August 11, 2005
heartbeat vulnerability
CAN-2005-2231
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

heartbeat

The problem can be corrected by upgrading the affected package to
version 1.2.2-8ubuntu0.1 (for Ubuntu 4.10), or 1.2.3-3ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Eric Romang discovered that heartbeat created temporary files in an
insecure manner. This could allow a symlink attack to create or
overwrite arbitrary files with root privileges as soon as heartbeat is
started.

Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    heartbeat_1.2.2-8ubuntu0.1.diff.gz
      Size/MD5:     7876 1f219e99881df0996134000f855d9339
    heartbeat_1.2.2-8ubuntu0.1.dsc
      Size/MD5:      862 9960ee62482cf244096c1601c34165b9
    heartbeat_1.2.2.orig.tar.gz
      Size/MD5:  1565941 2f6f177c7aebba34ba45a68deac41e37

  Architecture independent packages:

    ldirectord_1.2.2-8ubuntu0.1_all.deb
      Size/MD5:    42844 3b756503c8d809836c42b3c970169395

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    heartbeat-dev_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:   123274 c7329aa36efadfe9999182454564dafb
    heartbeat_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:   531238 c51bea450bb848ca9defb2a600cbf0b5
    libpils-dev_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:    59356 bfa043d078ed4bb91dc5e1b3ad693bb1
    libpils0_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:    49984 84e9798bbd2aa172f36d77aeaac40ac2
    libstonith-dev_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:    27500 fd0da8672d36b78f07bd774fbb7205c1
    libstonith0_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:    77628 b139b2a9b9c67cc4e4b0f7eea86dbc2d
    stonith_1.2.2-8ubuntu0.1_amd64.deb
      Size/MD5:    28552 50c25e035a9afac9b95e54407aca8694

  i386 architecture (x86 compatible Intel/AMD)

    heartbeat-dev_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:   112756 d0df067b1a8bc319b533a1f1fb94a13e
    heartbeat_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:   488994 fae2904a2a8cba2452c2e12ae705c3bd
    libpils-dev_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:    55508 3a9f5a7add62fc072e1647fe18452e54
    libpils0_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:    44938 11a6e9877e2e4d409eaece584681a9d5
    libstonith-dev_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:    27100 a470eea4e239627cb26a47c67d0a206f
    libstonith0_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:    67248 4b98f735c006d4c348d0a258a16b1dc8
    stonith_1.2.2-8ubuntu0.1_i386.deb
      Size/MD5:    28028 92d2b0b2eb1219940782828cb37e16be

  powerpc architecture (Apple Macintosh G3/G4/G5)

    heartbeat-dev_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:   124626 5509ddf56e9651daa3cee6885e759ca0
    heartbeat_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:   554794 99075d036528f230cee341f10d4a35be
    libpils-dev_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:    59420 1fb7f8ac2320ffd7ffc5e2b2b79452f2
    libpils0_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:    50962 d314814467eb35380d11b9664314511b
    libstonith-dev_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:    27662 c4a076b92af1479307d3b76c6d4d7d01
    libstonith0_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:    86594 083e5c9a268a7583b8993be9188f6afc
    stonith_1.2.2-8ubuntu0.1_powerpc.deb
      Size/MD5:    30830 7355d8b04d7e795009393cb8b569dc6f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    heartbeat_1.2.3-3ubuntu1.1.diff.gz
      Size/MD5:   245407 99c109587b63f09e215e959ba9f5e95b
    heartbeat_1.2.3-3ubuntu1.1.dsc
      Size/MD5:      847 396906a893ee422a2af0232315c654fa
    heartbeat_1.2.3.orig.tar.gz
      Size/MD5:  1772513 9fd126e5dff51cc8c1eee223c252a4af

  Architecture independent packages:

    ldirectord_1.2.3-3ubuntu1.1_all.deb
      Size/MD5:    44484 77c0b44340fbca9ecb65d55028325c4e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    heartbeat-dev_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:   125228 ca0d487242ea6e86f8a846727e6de55a
    heartbeat_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:   532922 8a5c3db33bea01d6c39bb0a011d63099
    libpils-dev_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:    60900 4f423088204ee30724343bfdf8980026
    libpils0_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:    51590 15d3138654f905058b3eb97b3e0c600a
    libstonith-dev_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:    29080 c9a1f9dae5b6a68af490648c3bda9e98
    libstonith0_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:    79356 92971fe256772e7d22bbab96aebe0739
    stonith_1.2.3-3ubuntu1.1_amd64.deb
      Size/MD5:    30104 ea892aca4dbcab2e0bb0463e659c15d3

  i386 architecture (x86 compatible Intel/AMD)

    heartbeat-dev_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:   114652 2f43f3c91dca4c8146e0ded33a1987d0
    heartbeat_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:   489472 7b0e97cfaa9ec04a4f0ef1d73c152739
    libpils-dev_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:    57054 94ed42ccdd478566639b313c1bd3e89e
    libpils0_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:    46570 1d8dd224a5404345991e9ca2b8a91f88
    libstonith-dev_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:    28662 88444bfcfbc3a2b9e1775b024f4c54cd
    libstonith0_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:    69064 10e1b3e16c7109003e9818ebde63f190
    stonith_1.2.3-3ubuntu1.1_i386.deb
      Size/MD5:    29504 3d8dd26a1fd9c9de1dea642149d69b34

  powerpc architecture (Apple Macintosh G3/G4/G5)

    heartbeat-dev_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:   126700 e620900665670a81d4207aeac7f22884
    heartbeat_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:   556882 5113b635cf969850b3d93eac7c1d8569
    libpils-dev_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    60954 97e504b49ee9f55e8d9303d044556ee6
    libpils0_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    52598 d8a41f8b60a0f8dc9b6c2c9300b0ba7d
    libstonith-dev_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    29228 24ec82b2761d1d0561a0fe1b58adf4a3
    libstonith0_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    88814 5547291ce0b56e1683425136b22b6934
    stonith_1.2.3-3ubuntu1.1_powerpc.deb
      Size/MD5:    32386 0613b29df54ab3a4f2e41e492de58f82



--AqsLC8rIMeq19msA
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC+07wDecnbV4Fd/IRArJqAKC3yVoUINJYZL7rKxohWk5urj8eDgCeLY0I
6k4Qs82M0/f43aN++3jzo1g=
=zLYc
-----END PGP SIGNATURE-----

--AqsLC8rIMeq19msA--


--===============0775207302=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
http://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce



--===============0775207302==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung