USN-165-1: heartbeat vulnerability

USN-165-1: heartbeat vulnerability
Posted on: 08/11/2005 09:12 AM

A heartbeat update has been released for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-165-1 August 11, 2005
heartbeat vulnerability
CAN-2005-2231
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

heartbeat

The problem can be corrected by upgrading the affected package to version 1.2.2-8ubuntu0.1 (for Ubuntu 4.10), or 1.2.3-3ubuntu1.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Eric Romang discovered that heartbeat created temporary files in an insecure manner. This could allow a symlink attack to create or overwrite arbitrary files with root privileges as soon as heartbeat is started.

Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.2-8ubuntu0.1.diff.gz
Size/MD5: 7876 1f219e99881df0996134000f855d9339
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.2-8ubuntu0.1.dsc
Size/MD5: 862 9960ee62482cf244096c1601c34165b9
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.2.orig.tar.gz
Size/MD5: 1565941 2f6f177c7aebba34ba45a68deac41e37

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/ldirectord_1.2.2-8ubuntu0.1_all.deb
Size/MD5: 42844 3b756503c8d809836c42b3c970169395

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 123274 c7329aa36efadfe9999182454564dafb
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 531238 c51bea450bb848ca9defb2a600cbf0b5
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 59356 bfa043d078ed4bb91dc5e1b3ad693bb1
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 49984 84e9798bbd2aa172f36d77aeaac40ac2
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 27500 fd0da8672d36b78f07bd774fbb7205c1
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 77628 b139b2a9b9c67cc4e4b0f7eea86dbc2d
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2.2-8ubuntu0.1_amd64.deb
Size/MD5: 28552 50c25e035a9afac9b95e54407aca8694

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 112756 d0df067b1a8bc319b533a1f1fb94a13e
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 488994 fae2904a2a8cba2452c2e12ae705c3bd
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 55508 3a9f5a7add62fc072e1647fe18452e54
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 44938 11a6e9877e2e4d409eaece584681a9d5
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 27100 a470eea4e239627cb26a47c67d0a206f
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 67248 4b98f735c006d4c348d0a258a16b1dc8
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2.2-8ubuntu0.1_i386.deb
Size/MD5: 28028 92d2b0b2eb1219940782828cb37e16be

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 124626 5509ddf56e9651daa3cee6885e759ca0
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 554794 99075d036528f230cee341f10d4a35be
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 59420 1fb7f8ac2320ffd7ffc5e2b2b79452f2
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 50962 d314814467eb35380d11b9664314511b
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 27662 c4a076b92af1479307d3b76c6d4d7d01
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 86594 083e5c9a268a7583b8993be9188f6afc
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2.2-8ubuntu0.1_powerpc.deb
Size/MD5: 30830 7355d8b04d7e795009393cb8b569dc6f

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3-3ubuntu1.1.diff.gz
Size/MD5: 245407 99c109587b63f09e215e959ba9f5e95b
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3-3ubuntu1.1.dsc
Size/MD5: 847 396906a893ee422a2af0232315c654fa
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
Size/MD5: 1772513 9fd126e5dff51cc8c1eee223c252a4af

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/ldirectord_1.2.3-3ubuntu1.1_all.deb
Size/MD5: 44484 77c0b44340fbca9ecb65d55028325c4e

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 125228 ca0d487242ea6e86f8a846727e6de55a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 532922 8a5c3db33bea01d6c39bb0a011d63099
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 60900 4f423088204ee30724343bfdf8980026
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 51590 15d3138654f905058b3eb97b3e0c600a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 29080 c9a1f9dae5b6a68af490648c3bda9e98
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 79356 92971fe256772e7d22bbab96aebe0739
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2.3-3ubuntu1.1_amd64.deb
Size/MD5: 30104 ea892aca4dbcab2e0bb0463e659c15d3

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 114652 2f43f3c91dca4c8146e0ded33a1987d0
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 489472 7b0e97cfaa9ec04a4f0ef1d73c152739
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 57054 94ed42ccdd478566639b313c1bd3e89e
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 46570 1d8dd224a5404345991e9ca2b8a91f88
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 28662 88444bfcfbc3a2b9e1775b024f4c54cd
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 69064 10e1b3e16c7109003e9818ebde63f190
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2.3-3ubuntu1.1_i386.deb
Size/MD5: 29504 3d8dd26a1fd9c9de1dea642149d69b34

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 126700 e620900665670a81d4207aeac7f22884
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 556882 5113b635cf969850b3d93eac7c1d8569
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 60954 97e504b49ee9f55e8d9303d044556ee6
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 52598 d8a41f8b60a0f8dc9b6c2c9300b0ba7d
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 29228 24ec82b2761d1d0561a0fe1b58adf4a3
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 88814 5547291ce0b56e1683425136b22b6934
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2.3-3ubuntu1.1_powerpc.deb
Size/MD5: 32386 0613b29df54ab3a4f2e41e492de58f82

Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_165_1_heartbeat_vulnerability.html)