Advisories, July 30, 2006

Jul 31, 2006, 03:45 (0 Talkback[s])

Debian GNU/Linux

Debian Security Advisory DSA 1127-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
July 28th, 2006 http://www.debian.org/security/faq

Package : ethereal
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-3628 CVE-2006-3629 CVE-2006-3630 CVE-2006-3631 CVE-2006-3632
Debian Bug : 373913 375694

Several remote vulnerabilities have been discovered in the Ethereal network sniffer, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-3628

Ilja van Sprundel discovered that the FW-1 and MQ dissectors are vulnerable to format string attacks.

CVE-2006-3629

Ilja van Sprundel discovered that the MOUNT dissector is vulnerable to denial of service through memory exhaustion.

CVE-2006-3630

Ilja van Sprundel discovered off-by-one overflows in the NCP NMAS and NDPS dissectors.

CVE-2006-3631

Ilja van Sprundel discovered a buffer overflow in the NFS dissector.

CVE-2006-3632

Ilja van Sprundel discovered that the SSH dissector is vulnerable to denial of service through an infinite loop.

For the stable distribution (sarge) these problems have been fixed in version 0.10.10-2sarge6.

For the unstable distribution (sid) these problems have been fixed in version 0.99.2-1 of wireshark, the sniffer formerly known as ethereal.

We recommend that you upgrade your ethereal packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.dsc
      Size/MD5 checksum: 855 c707f586104e8686d9d2244ce2d7a506
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6.diff.gz
      Size/MD5 checksum: 173252 9c9821b8ebead45753446356c22cb578
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10.orig.tar.gz
      Size/MD5 checksum: 7411510 e6b74468412c17bb66cd459bfb61471c

Alpha architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum: 542792 15de1eb27365d6cae79d8d702e090f13
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum: 5475590 bef681e66102e67d36b7e6a42c2c2c3f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum: 154412 847bd247de53a90c7280043bedac7d93
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_alpha.deb
      Size/MD5 checksum: 106004 bee2da8a58d6e84c05b6a80537183694

AMD64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum: 486278 e6239c6efadea1399ad1fcab5a0da5f3
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum: 5333976 61bcb38c72686eeb7e8587179ab7594f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum: 154406 a13fdfd340be02a602f6fc576f166005
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_amd64.deb
      Size/MD5 checksum: 99298 7dd892a57430d66f7c97088b8c1eb187

ARM architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum: 472738 a10f7886e67d41949ec8488715276ca7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum: 4687198 d18c46329bf526579e7c1af409323610
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum: 154434 5c23b40f20e4079a6c58c697914b54ef
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_arm.deb
      Size/MD5 checksum: 95276 a56fa4124bd4193ec75bdedeaefcb47b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum: 443394 e72fd2ff7eec3cbd08fc07ed9458aada
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum: 4495996 9e1aebd1a408bf7472608917660ce9aa
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum: 154398 d84eaeb2fae751e3b36046e87c1981e1
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_i386.deb
      Size/MD5 checksum: 90684 c699e114b221acd10350cf8b51c608b9

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum: 674208 354b3cc9866e6fefe48b38925a48ae32
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum: 6628612 e72ee2bfd8b6997a121c8a95b6742e4f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum: 154382 da6b4cf3246a63b4b8b94bc0db6d3dac
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_ia64.deb
      Size/MD5 checksum: 128860 370f38c0c53088195b7418d3af996d35

HP Precision architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum: 489076 bf76e69441ef032d5d8ad8420b5b25b8
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum: 5786654 7e88aabad273d3dd0e239f78ecc35491
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum: 154442 325e842eae1b96b8a33ec8ae025739e2
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_hppa.deb
      Size/MD5 checksum: 98192 7400d5ce588c3899f6e2b43f945bde6e

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum: 447546 489e9c8ae8069112a937c8a26d297709
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum: 5564820 636aff3dca750cb3ac139c21404c49a1
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum: 154472 776225c24043d3056c5b45914f24450a
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_m68k.deb
      Size/MD5 checksum: 90680 98475c71576aaee068be4ff5353050fe

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum: 462502 716d233fbf38161464290950590a071f
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum: 4723270 60f129963a2ce9ffbd599b60cfba11cd
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum: 154406 386b68e0403f729687d82786afb0241d
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mips.deb
      Size/MD5 checksum: 94498 af2ed192e6d4690d263f01127a8edfee

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum: 457750 ef72d36a3f9fa3945a98c14abc62e2ce
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum: 4459970 36bf7f5d57e23e14d1ade0bf9f9d49b0
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum: 154416 5d36a2d02f29374ef45bcdb1597423c5
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_mipsel.deb
      Size/MD5 checksum: 94410 c585ae00dadccef338c292c1a2c268f9

PowerPC architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum: 455484 893d1f6bbc3097840ba7e53cc542bbee
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum: 5067540 e17cde3f8ff57a31a12270cb5d701257
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum: 154414 7b51770205dc37fc2fde1fd9ca344dda
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_powerpc.deb
      Size/MD5 checksum: 94112 7a49b609694e1eea450e621da3b2bc1f

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum: 479470 528b47d9a5c453856edd9b6df28ebae7
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum: 5620570 874edf4f0f86ab3aee3f48a55f95f0d0
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum: 154400 86f2d581fa46af34788e0629c6e62ec5
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_s390.deb
      Size/MD5 checksum: 99696 1b622377fb056fe37b8104d295e56d28

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/e/ethereal/ethereal_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum: 465138 ad9fd25554415ff19dba6b89b5d48513
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-common_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum: 5129848 f1a7015616428128a1c65394226a87fe
    http://security.debian.org/pool/updates/main/e/ethereal/ethereal-dev_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum: 154424 ff78808097ae2bc2b4ed753f1b76f1b9
    http://security.debian.org/pool/updates/main/e/ethereal/tethereal_0.10.10-2sarge6_sparc.deb
      Size/MD5 checksum: 93600 a97f833739a88b5484b59989be966d0d

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1128-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 28th, 2006 http://www.debian.org/security/faq

Package : heartbeat
Vulnerability : permission error
Problem type : local
Debian-specific: no
CVE ID : CVE-2006-3815

Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux could be exploited by a local attacker to cause a denial of service.

For the stable distribution (sarge) this problem has been fixed in version 1.2.3-9sarge5.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your heartbeat packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.dsc
      Size/MD5 checksum: 881 e2316605a229d2010d73f5a6010cd6aa
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5.diff.gz
      Size/MD5 checksum: 272592 192d3f12c3760f390f1e6c8a3dba468b
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
      Size/MD5 checksum: 1772513 9fd126e5dff51cc8c1eee223c252a4af

Architecture independent components:

http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge5_all.deb
Size/MD5 checksum: 45524 7d2337e5b9688348a3138eba7e59e205

Alpha architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 574460 9847e433ad0571780e0cc5e816b47e2a
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 150810 01833ce04b35dda6c00378f4f562c0a1
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 71086 d4215fb2936d0fb00c7795bb3b15f3f2
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 54118 3728d492248c4466325307599e7dff4d
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 31278 94d4e6361b439de7c31c24e437db32c5
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 94306 8db0b3e8359f591d41fb9e93f45c79d1
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_alpha.deb
      Size/MD5 checksum: 31736 a7dc62066661195edf8fb02149bc4082

AMD64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 531406 8ed054c572a31b95cb0244bdb52d8a9e
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 126298 1cba6c5a3e1f30454774f25a0c64ad1b
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 61920 8db8ad7a24c1d1d61c2f0f7394022e28
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 52610 31bc190e7467287595e869c3f18bf52b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 30124 09089f6d255cbde687038b769d2fecce
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 89148 6311c04b2d921525936174618470903e
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_amd64.deb
      Size/MD5 checksum: 31160 14cda7586145fa6f96a233c355f88f69

ARM architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 498476 4369ea208be3d589ec2e316685620986
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 123784 dccd3509cc873ce72485570228d2a6d9
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 63378 94641c17b4e3fed4824d899474c6e3ed
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 49238 979725f820f3325ee692ed145867b5ad
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 30018 8938e174a8c2c3dc06c6862140c72e5a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 77600 88ecf9e470daf707df6e894c3d1b79ad
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_arm.deb
      Size/MD5 checksum: 30442 2666a892d264498661431a05dc823f7d

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 493780 6eaa72e123ef20320d2b383b6ed2c722
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 117784 f4626f8e9352fdc9b1336a573698a845
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 59098 fdb08a2d7a22ca675b6403ae3b7d1329
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 48276 f3e32c9b71a4c53e2daf3fc5266e1324
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 29750 e43b664896db04159a225dab1be04165
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 79358 af9540fe562a354a661096f9b4f30e89
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_i386.deb
      Size/MD5 checksum: 30594 a1eaa1216c6ea8084c84d9871ad5f804

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 648316 384b63cb0ce2fb36ec41845d70f4376d
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 152850 40244f1af6fe85a4266b43c6ab84f33d
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 74340 e16ddc3837a2642b4f55828ed382a50e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 62588 3915b611f0bb05283bab465752970664
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 31410 f8c770b349aee38eb0fe6a1a3a1b508d
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 104774 beea35899d07dc042d07e7f06d3281c4
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_ia64.deb
      Size/MD5 checksum: 32668 6a1bcf82b90ba71697d8ee46d1353cf1

HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 550630 3c9f7a2a70304891e40fefac094c43de
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 136092 96ac45ef564317a48f091b5c41418dae
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 68394 6146733cb8716e17c134f7d2364fbb0e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 55760 21ada52d116ff08c35bc922d581b411a
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 30522 076ef9300f2b4fe6f8455560b45ad6aa
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 92992 dd2867a5ec53891bb1ac614d2f602ba1
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_hppa.deb
      Size/MD5 checksum: 31604 c4442dc502285bc3885be02eca1642a2

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 480728 cd80ece0f8ab57b5a1a749562f6712aa
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 113722 341f1d6845b7fe927b59ca6aa556434c
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 56702 1d41a8bf1a1eafff34cb1b3e6fd1c62d
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 48494 a0116b63431904bb0b52f603c2561b40
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 29650 5e38602c4a8dd757d5211faa1a394cef
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 82124 86c2ea4de5365d2a68c7552136f8cf85
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_m68k.deb
      Size/MD5 checksum: 30438 2ea96995e6ad25b4642e863ca9dbb72a

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 536454 a87ed4e47692e431c08799c49306374f
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 132758 fe96f80213beced3e727f4480a88160f
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 65676 d0621bcf15a88452f2a0a52b0c62a103
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 48544 2b988b58949a9bc0f4bae57ead80d2c7
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 30350 a8ee448b80728ef7b367f8cfa8737fe1
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 80816 7cd8f0f8d0f5edb34156598d94711170
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mips.deb
      Size/MD5 checksum: 32822 4a138abded7028692b82cfa946b117cb

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 537002 8598c58f2402ad8825bf8f3df4c151a7
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 132912 34e457d7ef19866d3db2bb2fc59ce1fb
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 65460 3ce0d1a87ab3beb0f7c48d34a11cd2c3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 48772 c642145166fa191c187c7ae6f25e279b
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 30392 de240c2b6810179ada953f654d52d175
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 80754 aac5c4e257902dd4fc7dbf433981ee49
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_mipsel.deb
      Size/MD5 checksum: 32808 b24f0832f4ebb7b5b1cfc6d9ab446c99

PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 556148 302f0b74bdd56165b94b01a9bb90a42d
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 127788 9b47664201dd587adcf9bf77f731a8a3
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 61998 7c756384c43d1eaca20e620e6f1a4094
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 53702 d2346f5245b0582c62682e5c9cf15bac
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 30254 f71d058dae3548339e8ee6c6fbfeee02
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 98912 ad975e3342e9c7307db563fa934ed4d5
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_powerpc.deb
      Size/MD5 checksum: 33424 fcab2de5e474005a2d45845aa9fe05a1

IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 530550 190c0f55b3e2382cfd62bdfe1d70401f
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 126878 1aeb5190ee76ab5d23b947f02ebbdf94
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 62596 3ed233dec951d3c8f5a9e2a82451f97e
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 53062 d736264ebc8ccc0377a03bb6b8657ee2
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 30124 86c4a1c40b11a78128d780a6449343c9
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 85028 6fa09db025548cb563a9def7956b24bc
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_s390.deb
      Size/MD5 checksum: 31096 8f7aa5931d770cca199f0ecd367cf208

Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 501034 943e6749e409d159828c23844d24b572
    http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 121342 ddde9f790ac4fb7c85c4b637d6b0fcfb
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 63140 81e1bca4e8d3658045703b6270fc1c46
    http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 50226 009a9ab68cb128442d4ac63f63be401c
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 29988 99b51b32a1202fdb842ffefecfa2df24
    http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 81390 fda21b3d7591335fe5feb3c19dd1f040
    http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge5_sparc.deb
      Size/MD5 checksum: 30528 0f3d32f0738ade94a602d6402fef0f92

These files will probably be moved into the stable distribution on its next update.

Debian Security Advisory DSA 1129-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 28th, 2006 http://www.debian.org/security/faq

Package : orisis
Vulnerability : format string
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3120

Ulf Harnhammar and Max Vozeler from the Debian Security Audit Project have found several format string security bugs in osiris, a network-wide system integrity monitor control interface. A remote attacker could exploit them and cause a denial of service or execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in version 4.0.6-1sarge1.

For the unstable distribution (sid) these problems have been fixed in version 4.2.0-2.

We recommend that you upgrade your osiris packages.

Upgrade Instructions

wget url

will fetch the file for you
dpkg -i file.deb

will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given at the end of this advisory:

apt-get update

will update the internal database apt-get upgrade

will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge

Source archives:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.dsc
      Size/MD5 checksum: 601 f8e62dca889eac05f3c2f1cf6541bea2
    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1.diff.gz
      Size/MD5 checksum: 63328 905cddf6a6635ed215fff6f6055ad0a1
    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6.orig.tar.gz
      Size/MD5 checksum: 1882069 c23180e5e44aa4303531e0b9d9308c80

Alpha architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_alpha.deb
      Size/MD5 checksum: 522620 c0253943d34023c1dc631c537a1ca06d
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_alpha.deb
      Size/MD5 checksum: 78458 5f28cff0c30e6cd07f372856eef76383
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_alpha.deb
      Size/MD5 checksum: 539096 6c355764d7de45c5265c6b9cddc46508

AMD64 architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_amd64.deb
      Size/MD5 checksum: 410616 74844c2b8a8065c3b83514e48d491181
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_amd64.deb
      Size/MD5 checksum: 64558 0a7fa1f9e50b9e0b741e632aff27d94b
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_amd64.deb
      Size/MD5 checksum: 420262 efa9f94c1800311f8681f1a22e910f9e

ARM architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_arm.deb
      Size/MD5 checksum: 384090 474cc45ff970747ce6f12de47101f69b
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_arm.deb
      Size/MD5 checksum: 56660 4367a40e684927aea76a8e76817e6bba
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_arm.deb
      Size/MD5 checksum: 393078 0f3a51cfc73a6f44257430381408483b

Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_i386.deb
      Size/MD5 checksum: 396662 94deb49a7491d638dee18d95fa60381f
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_i386.deb
      Size/MD5 checksum: 58538 740f1e83f63affb4ae27b27c2bd6428b
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_i386.deb
      Size/MD5 checksum: 408590 2cd01c3b1951b1d8abc6309bfa128ce7

Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_ia64.deb
      Size/MD5 checksum: 657728 89bdbc95d1d29e26db6b51e42ad5c18c
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_ia64.deb
      Size/MD5 checksum: 86950 e9b05c215d1bcb091a5b46e262d9ca8b
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_ia64.deb
      Size/MD5 checksum: 672224 333c52a972189d3bf4675454e9ec9129

HP Precision architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_hppa.deb
      Size/MD5 checksum: 440916 91c3cec29a7b3996787915cb4bf593e8
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_hppa.deb
      Size/MD5 checksum: 63742 cec522bf491f0e391b1dcae6ac0e8a47
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_hppa.deb
      Size/MD5 checksum: 451814 32b8672f404ad6762490ba8f319559a5

Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_m68k.deb
      Size/MD5 checksum: 326266 695f574722644d342d2b908ff0648cfb
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_m68k.deb
      Size/MD5 checksum: 50500 26d63aabe7d343a63cdda55b5deb596a
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_m68k.deb
      Size/MD5 checksum: 335394 6a860f6aa7c6e3721585343a588f3d06

Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mips.deb
      Size/MD5 checksum: 445424 aea2f31d23f86fe6e41a1611a6c14983
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mips.deb
      Size/MD5 checksum: 68234 d48f1ce470fa97b5b5eabb7fc59a3c60
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mips.deb
      Size/MD5 checksum: 458742 fc0f88642b7cb66315d46d44a070332d

Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sarge1_mipsel.deb
      Size/MD5 checksum: 447630 c32ca383ee822bd3f5240323b5f3c048
    http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1sarge1_mipsel.deb
      Size/MD5 checksum: 69334 d7261eba94f809df3a65074f15d0d556
    http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1sarge1_mipsel.deb
      Size/MD5 checksum:

Subscribe to Our Daily Newsletter

Current Newswire:

More on LinuxToday

Advisories, July 30, 2006

Debian GNU/Linux