Debian GNU/Linux
Debian Security Advisory DSA 761-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
July 19th, 2005 http://www.debian.org/security/faq
Package : heartbeat
Vulnerability : insecure temporary files
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-2231
Eric Romang discovered several insecure temporary file creations
in heartbeat, the subsystem for High-Availability Linux.
For the old stable distribution (woody) these problems have been
fixed in version 0.4.9.0l-7.3.
For the stable distribution (sarge) these problems have been
fixed in version 1.2.3-9sarge2.
For the unstable distribution (sid) these problems have been
fixed in version 1.2.3-12.
We recommend that you upgrade your heartbeat package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
Debian Security Advisory DSA 762-1 security@debian.org
http://www.debian.org/security/
Martin Schulze
July 19th, 2005 http://www.debian.org/security/faq
Package : affix
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2005-2250 CAN-2005-2277
BugTraq ID : 14230
Debian Bug : 318327 318328
Kevin Finisterre discovered two problems in the Bluetooth FTP
client from affix, user space utilities for the Affix Bluetooth
protocol stack. The Common Vulnerabilities and Exposures project
identifies the following vulnerabilities:
CAN-2005-2250
A buffer overflow allows remote attackers to execute arbitrary
code via a long filename in an OBEX file share.
CAN-2005-2277
Missing input sanitising before executing shell commands allows
an attacker to execute arbitrary commands as root.
The old stable distribution (woody) is not affected by these
problems.
For the stable distribution (sarge) these problems have been
fixed in version 2.1.1-2.
For the unstable distribution (sid) these problems have been
fixed in version 2.1.2-2.
We recommend that you upgrade your affix package.
Upgrade Instructions
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
These files will probably be moved into the stable distribution
on its next update.
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
Mandriva Linux
Mandriva Linux Security Update Advisory
Package name: nss_ldap
Advisory ID: MDKSA-2005:121
Date: July 18th, 2005
Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate
Server 2.1, Multi Network Firewall 2.0
Problem Description:
Rob Holland, of the Gentoo Security Audit Team, discovered that
pam_ldap and nss_ldap would not use TLS for referred connections if
they are referred to a master after connecting to a slave,
regardless of the “ssl start_tls” setting in ldap.conf.
As well, a bug in nss_ldap in Corporate Server and Mandrake 10.0
has been fixed that caused crond, and other applications, to crash
as a result of clients receiving a SIGPIPE signal when attempting
to issue a new search request to a directory server that is no
longer available.
The updated packages have been patched to address this
issue.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2069
Updated Packages: