-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 174-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 14th, 2002                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
Upstream URL   : http://linux-ha.org/security/sec01.txt

Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem
for High-Availability Linux.  A remote attacker could send a specially
crafted TCP packet that overflows a buffer, leaving heartbeat to
execute arbitrary code as root.

This problem has been fixed in version 0.4.9.0l-7.2 for the current
stable distribution (woody) and version 0.4.9.2-1 for the unstable
distribution (sid).  The old stable distribution (potato) doesn't
contain a heartbeat package.

We recommend that you upgrade your heartbeat package immediately if
you run internet connected servers that are heartbeat-monitored.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    heartbeat_0.4.9.0l-7.2.dsc
      Size/MD5 checksum:      658 4e8837e9eb95922aa5afc247a494db5f
    heartbeat_0.4.9.0l-7.2.diff.gz
      Size/MD5 checksum:    46755 411725a4fd7aa7eef881cf51ba1a8cfb
    heartbeat_0.4.9.0l.orig.tar.gz
      Size/MD5 checksum:   308033 1dcae9e87ad2e5c2113e91a884c1ca8e

  Architecture independent components:

    ldirectord_0.4.9.0l-7.2_all.deb
      Size/MD5 checksum:    33118 27d3073cade1d823e0405755b9b4ebd1

  Alpha architecture:

    heartbeat_0.4.9.0l-7.2_alpha.deb
      Size/MD5 checksum:   207742 bad9f314f54f855aca65766778a6c0b6
    libstonith-dev_0.4.9.0l-7.2_alpha.deb
      Size/MD5 checksum:    15444 461b6552e2ad5ed112bbad3a13e083b7
    libstonith0_0.4.9.0l-7.2_alpha.deb
      Size/MD5 checksum:    14078 1a03d5c6f3dff85bcd9a20e5b1286c79
    stonith_0.4.9.0l-7.2_alpha.deb
      Size/MD5 checksum:    63892 3a8013ede5a68f62af818bd6f13369ea

  ARM architecture:

    heartbeat_0.4.9.0l-7.2_arm.deb
      Size/MD5 checksum:   193994 b2547bee30b2db32b8fd53943a6a0c1e
    libstonith-dev_0.4.9.0l-7.2_arm.deb
      Size/MD5 checksum:    15108 1e284480e2ec8e1e45c11d6035847f37
    libstonith0_0.4.9.0l-7.2_arm.deb
      Size/MD5 checksum:    13430 3424c37fbb757be208ac220636b1a3e6
    stonith_0.4.9.0l-7.2_arm.deb
      Size/MD5 checksum:    53572 9ee34e2dc31d9bb9eb7f430e9c259c3e

  Intel IA-32 architecture:

    heartbeat_0.4.9.0l-7.2_i386.deb
      Size/MD5 checksum:   185196 b59c131ae306280c722716ac3d54ac37
    libstonith-dev_0.4.9.0l-7.2_i386.deb
      Size/MD5 checksum:    14786 c5524b1271c4dd6863d16af09b3f5427
    libstonith0_0.4.9.0l-7.2_i386.deb
      Size/MD5 checksum:    13300 b95830c76892050c2f78e924a4881b6c
    stonith_0.4.9.0l-7.2_i386.deb
      Size/MD5 checksum:    51018 c1b98bd10d698030abde5e608a694762

  Intel IA-64 architecture:

    heartbeat_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:   259426 34814d6a05215a9cbd3e5c96420d16dd
    libstonith-dev_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:    16156 65ff55faefafac7d4283ce57441d7d00
    libstonith0_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:    15240 ff38757ef93dc3bf1027062c6f3bc06e
    stonith_0.4.9.0l-7.2_ia64.deb
      Size/MD5 checksum:   100186 cc86feab05680b136abd9730a42c49c7

  HP Precision architecture:

    heartbeat_0.4.9.0l-7.2_hppa.deb
      Size/MD5 checksum:   195424 bd2d9eae9a1b3dd8fefd11c30520baa7
    libstonith-dev_0.4.9.0l-7.2_hppa.deb
      Size/MD5 checksum:    15250 93505675caf2cb172abae2219ed0e5eb
    libstonith0_0.4.9.0l-7.2_hppa.deb
      Size/MD5 checksum:    13620 e6d96de79a3c2963cad57c189ce4efd8
    stonith_0.4.9.0l-7.2_hppa.deb
      Size/MD5 checksum:    55176 d6b01189015ccf70c6cdb9e34dfa3253

  Motorola 680x0 architecture:

    heartbeat_0.4.9.0l-7.2_m68k.deb
      Size/MD5 checksum:   187538 c5d11a2c4504d6c828fa34927faa2a4a
    libstonith-dev_0.4.9.0l-7.2_m68k.deb
      Size/MD5 checksum:    14930 9bb0a67c7b56e72a6053e3c4ab175079
    libstonith0_0.4.9.0l-7.2_m68k.deb
      Size/MD5 checksum:    13466 30cab37a51d6909c46adde55df5dc98e
    stonith_0.4.9.0l-7.2_m68k.deb
      Size/MD5 checksum:    53768 9338807e769384d2d42910905b8d7806

  Big endian MIPS architecture:

    heartbeat_0.4.9.0l-7.2_mips.deb
      Size/MD5 checksum:   185540 45d1de10e0b9c3648a8ecc64ca218533
    libstonith-dev_0.4.9.0l-7.2_mips.deb
      Size/MD5 checksum:    15198 a4336aa15162d94eefe5092f1e08236b
    libstonith0_0.4.9.0l-7.2_mips.deb
      Size/MD5 checksum:    13392 3eca61944f10a2465af5c2fb30009e45
    stonith_0.4.9.0l-7.2_mips.deb
      Size/MD5 checksum:    51178 3188ea4887b232248496e3ecc181a2c0

  Little endian MIPS architecture:

    heartbeat_0.4.9.0l-7.2_mipsel.deb
      Size/MD5 checksum:   185238 81527febb4de912fe2afd4dc6d268812
    libstonith-dev_0.4.9.0l-7.2_mipsel.deb
      Size/MD5 checksum:    15206 11abb4dd2097a410a5478c8ad65aca89
    libstonith0_0.4.9.0l-7.2_mipsel.deb
      Size/MD5 checksum:    13374 fba244b6ab2498f8992dbf76a207ef03
    stonith_0.4.9.0l-7.2_mipsel.deb
      Size/MD5 checksum:    50586 4fa3092c389d8622d710c0a382e5756a

  PowerPC architecture:

    heartbeat_0.4.9.0l-7.2_powerpc.deb
      Size/MD5 checksum:   187538 aa2be77ac0297e0dad79c109f3e358db
    libstonith-dev_0.4.9.0l-7.2_powerpc.deb
      Size/MD5 checksum:    14902 e131b0dfe4e60a0969ced8d58c4c8c12
    libstonith0_0.4.9.0l-7.2_powerpc.deb
      Size/MD5 checksum:    13412 c163239ed250b5b8644e2a411ea2f357
    stonith_0.4.9.0l-7.2_powerpc.deb
      Size/MD5 checksum:    52864 6d12535b030bd36a5652de3eaabe62c9

  IBM S/390 architecture:

    heartbeat_0.4.9.0l-7.2_s390.deb
      Size/MD5 checksum:   192056 59da9c083e9ac891c9450df298b28138
    libstonith-dev_0.4.9.0l-7.2_s390.deb
      Size/MD5 checksum:    14914 96ae3b7102d045ed006b6bfd3b0cba46
    libstonith0_0.4.9.0l-7.2_s390.deb
      Size/MD5 checksum:    13514 8c99f89a1a0aaa511b0a9b55669c9d78
    stonith_0.4.9.0l-7.2_s390.deb
      Size/MD5 checksum:    50554 84a7e86dda458b6fd5f11e71734917f8

  Sun Sparc architecture:

    heartbeat_0.4.9.0l-7.2_sparc.deb
      Size/MD5 checksum:   204554 c673d5f9fe461cff9d480d5e27ef9266
    libstonith-dev_0.4.9.0l-7.2_sparc.deb
      Size/MD5 checksum:    15250 a9f2c0fd52c533eb9feb957ccd1e280e
    libstonith0_0.4.9.0l-7.2_sparc.deb
      Size/MD5 checksum:    13436 6f6659414591599f5648665e8285793e
    stonith_0.4.9.0l-7.2_sparc.deb
      Size/MD5 checksum:    68248 fd05a5e856c774272407e0be0c4a3432


  These files will probably be moved into the stable distribution on
  its next revision.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9qsWmW5ql+IAeqTIRAn4XAKCRnyGqpDzSw5SLEpGaseiVDuGv1wCfZ5bo
vZBc+iDb3aOcReUIdg8UKOs=
=hoEW
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org