Login
Newsletter
Werbung
Sicherheit: Unsichere Verwendung temporärer Dateien in heartbeat
Aktuelle Meldungen Distributionen
Name: Unsichere Verwendung temporärer Dateien in heartbeat
ID: DSA-761-2
Distribution: Debian
Plattformen: Debian sarge
Datum: Di, 16. August 2005, 13:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2231
Applikationen: Linux-HA

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 761-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 15th, 2005                       http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2231

The security update DSA 761-1 for pdns contained a bug which caused a
regression.  This problem is corrected with this advisory.  For
completeness below please find the original advisory text:

   Eric Romang discovered several insecure temporary file creations in
   heartbeat, the subsystem for High-Availability Linux.

For the stable distribution (sarge) these problems have been fixed in
version 1.2.3-9sarge3.

We recommend that you upgrade your heartbeat package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  Source archives:

    heartbeat_1.2.3-9sarge3.dsc
      Size/MD5 checksum:      881 3544d0263e793b04ec3b893faa7d4358
    heartbeat_1.2.3-9sarge3.diff.gz
      Size/MD5 checksum:   267445 c38c21332c83fbbc6f04b7a95923c52b
    heartbeat_1.2.3.orig.tar.gz
      Size/MD5 checksum:  1772513 9fd126e5dff51cc8c1eee223c252a4af

  Architecture independent components:

    ldirectord_1.2.3-9sarge3_all.deb
      Size/MD5 checksum:    45276 af7385c286cf97611abc63694536f31b

  Alpha architecture:

    heartbeat_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:   574458 0dbd8af2534f7f2097f3da75c6a4efb1
    heartbeat-dev_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:   150592 66e74571efad4f25aa1f7ea3ed3a31a0
    libpils-dev_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    70874 c1fe65aeda6313eff97e2f7a7e739a7f
    libpils0_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    53904 cb69e40fd6a1de6e87a72bd6a72e6ebe
    libstonith-dev_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    31064 cc3d581be9eba80478df3fb0dbbd2512
    libstonith0_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    94070 202897bb3f00c9c890b6ab42585e5ed6
    stonith_1.2.3-9sarge3_alpha.deb
      Size/MD5 checksum:    31516 f83006aa4c97225cb5a52178e9360e84

  AMD64 architecture:

    heartbeat_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:   525780 8360b452456be24df79c7ae29c53277b
    heartbeat-dev_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:   126042 8a3b8b4e6c22c6a0fb1f7b459d211117
    libpils-dev_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    61684 ddba93c0e7d37b4714a6f52cdfd3c595
    libpils0_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    52370 45c27593a16b94baf9647b6efca179d9
    libstonith-dev_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    29892 d15f73d6ce9f43a56abf7817ccbf08a8
    libstonith0_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    88908 1ad33906c529089fe40738304af1c1e0
    stonith_1.2.3-9sarge3_amd64.deb
      Size/MD5 checksum:    30926 26ddc4fbea838b972065b38bd29d249a

  ARM architecture:

    heartbeat_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:   498386 d88b235816220da27c4f316c957f99f8
    heartbeat-dev_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:   123574 cf0088e68cc23bed1ac17d6e21715a73
    libpils-dev_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    63160 731e5e243017d9a40aaa89ef4dae492b
    libpils0_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    49016 171e6fdbf0f72c525ac8695381f6d523
    libstonith-dev_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    29790 d82e6a7fdd5def2bcb0614a9276e5f88
    libstonith0_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    77380 14c49b6f70827caa9391ecab91981b30
    stonith_1.2.3-9sarge3_arm.deb
      Size/MD5 checksum:    30222 4fe0b9cb97d0721ed7b944c99bfffc0b

  Intel IA-32 architecture:

    heartbeat_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:   493636 af1e9089f5b799762ab2819a51557fde
    heartbeat-dev_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:   117570 2ae72b36cdb8b61a4dd411f738d53ae3
    libpils-dev_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    58876 38fc2cfb6d0f14e378b32e925d25a6db
    libpils0_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    48056 5d12b336be8605f155d549243c4e8deb
    libstonith-dev_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    29524 9b9e293795e1db55ca75c12e8c8aabf3
    libstonith0_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    79122 369ae7c1032c7ce9589149a0135354c7
    stonith_1.2.3-9sarge3_i386.deb
      Size/MD5 checksum:    30374 8b4c4a4aa922a8d5fa213b431bcffe53

  Intel IA-64 architecture:

    heartbeat_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:   648244 9356cd18494dce44a0f27ba9f3c76425
    heartbeat-dev_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:   152630 b392e15e62434d99c8321e5efe8a5508
    libpils-dev_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    74132 67f3e84093e5550ccc0f83aeebcd406f
    libpils0_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    62390 70d3376d7002c9db165aa74d54961bbf
    libstonith-dev_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    31194 99e6fb826d61ba6b720d02a3fcbfe976
    libstonith0_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:   104558 84c4e5c68b0273ef8be60c5f48628e29
    stonith_1.2.3-9sarge3_ia64.deb
      Size/MD5 checksum:    32444 030f7f481056357ba4d8c10d3427e2a9

  HP Precision architecture:

    heartbeat_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:   550550 f21382efe966438294ad461f09620acb
    heartbeat-dev_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:   135880 86957e78d857d893755e3022ac1d648c
    libpils-dev_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    68154 25d5a17fc0e3b63d5f3b02c659545d7b
    libpils0_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    55528 f13105c363b0137240048e09bb9ae07f
    libstonith-dev_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    30300 fc862d73793810ba0f5dcbf0ca11f1bb
    libstonith0_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    92774 bf04ac77fa0eb7eebcd74fe2cdad355f
    stonith_1.2.3-9sarge3_hppa.deb
      Size/MD5 checksum:    31380 2e379ced3aea02eea24640ce35dcf0ed

  Motorola 680x0 architecture:

    heartbeat_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:   480640 5a8df01756ad70aae2f0022b286f1970
    heartbeat-dev_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:   113482 6c8947d7a9337589e5f0795f2b2bafaf
    libpils-dev_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    56470 40a4e3f316137d2a77c0414e5f8c0170
    libpils0_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    48254 6998bfa6ccb10114a9eb118d48075cbe
    libstonith-dev_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    29418 dfa6314f2678a398be309767cea40623
    libstonith0_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    81896 9d2b5c93cb079805802a25230e412654
    stonith_1.2.3-9sarge3_m68k.deb
      Size/MD5 checksum:    30204 912a312571782a54275d1ea43c81f06f

  Big endian MIPS architecture:

    heartbeat_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:   536388 9e98c4c8d575ad8d1f3e5cd8ae1ad45e
    heartbeat-dev_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:   132540 ede0ee1b34414f6eeb1f4d45847356e3
    libpils-dev_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    65458 0a08a5ceccf9744ca4ead2d0be51fd9a
    libpils0_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    48326 cff2af32d2a51a98884947c98da6a3a3
    libstonith-dev_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    30128 5390bf7e0ac461eb12e0b9c11fb9ef5d
    libstonith0_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    80600 43d2f82e08ffd5f4ad6bf32d66fd7ade
    stonith_1.2.3-9sarge3_mips.deb
      Size/MD5 checksum:    32594 db05fce36a3c9ba63dff462136457c84

  Little endian MIPS architecture:

    heartbeat_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:   537016 79a6f30758663e974f925d3afc0e3eeb
    heartbeat-dev_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:   132674 f4ad130febbe95b21e1e4f517324f53e
    libpils-dev_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    65236 378b548016fa5c4e2df45b1f0e7f97c6
    libpils0_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    48546 58a80e13f3d66595e785c3aca0feccce
    libstonith-dev_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    30166 e4c11c0f413db63ca3b76bc75ca39a38
    libstonith0_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    80524 4ce68cf47764f0092916fbfd74c91e0f
    stonith_1.2.3-9sarge3_mipsel.deb
      Size/MD5 checksum:    32586 027dec3fbc1b16c5c7cb35c114aed1d3

  PowerPC architecture:

    heartbeat_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:   554938 5b72952dedccb187fb0db7438df7b019
    heartbeat-dev_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:   127506 aae35f8d1888ce532f3ca54a4d62da7f
    libpils-dev_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    61738 7f65568832507e6ff8e721f14f903367
    libpils0_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    53396 cb699f884c3a04703432e0b665154bd2
    libstonith-dev_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    30016 28c769722b7cb30630e729cfa403a3f0
    libstonith0_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    98590 816a4be11149be0b23ef71a83f8e8e63
    stonith_1.2.3-9sarge3_powerpc.deb
      Size/MD5 checksum:    33170 a480a5e90263e088c61d2fd0c69b684c

  IBM S/390 architecture:

    heartbeat_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:   530432 8cd269f9be98c289ff34daf10900002e
    heartbeat-dev_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:   126658 aba07d35c7128edb4de04afb60714a69
    libpils-dev_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    62370 08c42b465904968c333dbd0ba4a75a74
    libpils0_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    52828 5cc46349891c9343927606216ee37c17
    libstonith-dev_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    29904 5cf21f62deb179b7b7bf3d9f133a1ccd
    libstonith0_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    84810 0763f53019af2eaee8a40124d40002d5
    stonith_1.2.3-9sarge3_s390.deb
      Size/MD5 checksum:    30878 9eed7728d9e74166b3ebe358d87e0f75

  Sun Sparc architecture:

    heartbeat_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:   500874 b2f9e4558a891a32f8589bab66229377
    heartbeat-dev_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:   121122 7ea5e33cb775d6761ce5895ea81d2bfe
    libpils-dev_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    62918 b832c80146fad1ba2792e58247a2eafc
    libpils0_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    49994 b62c3a0612ae68351087f8dbb9575bc2
    libstonith-dev_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    29756 56d9d3a1815670b063e7404a238fe52e
    libstonith0_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    81156 395c0e3f7c9f26a40751d49f101293c6
    stonith_1.2.3-9sarge3_sparc.deb
      Size/MD5 checksum:    30300 9bb0898aecf070952a06990a111a620d


  These files will probably be moved into the stable distribution on
  its next update.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDAKkkW5ql+IAeqTIRAhiiAJ9+nzrjCMFQXrJH2a4PHxvpI+Xi1ACfS2Ai
/7FBVyXrLUbhYiJ82HBvE3I=
=qz5w
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung