USN-335-1: heartbeat vulnerability
Posted on: 08/16/2006 06:52 AM

A new heartbeat vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-335-1 August 16, 2006
heartbeat vulnerability
CVE-2006-3121
==========================
==========================
=========

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
heartbeat 1.2.3-3ubuntu1.3

Ubuntu 5.10:
heartbeat 1.2.3-12ubuntu0.2

Ubuntu 6.06 LTS:
heartbeat 1.2.4-2ubuntu0.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Yan Rong Ge discovered that heartbeat did not sufficiently verify some
packet input data, which could lead to an out-of-boundary memory
access. A remote attacker could exploit this to crash the daemon
(Denial of Service).


Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-3ubuntu1.3.diff.gz
Size/MD5: 246413 a32a59d76e061bd6bac2e5f6b52d429a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-3ubuntu1.3.dsc
Size/MD5: 847 75287cf172b2324fcb6146fb4f01872b
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
.orig.tar.gz
Size/MD5: 1772513 9fd126e5dff51cc8c1eee223c252a4af

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/ldirectord_=
1.2.3-3ubuntu1.3_all.deb
Size/MD5: 44762 29cd137965c61243a58e48119fbc03b8

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-3ubuntu1.3_amd64.deb
Size/MD5: 125542 46aefd45f2ae5d7090083a1e6b3abc95
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-3ubuntu1.3_amd64.deb
Size/MD5: 533186 8517f467bb79624846faf6e6aef90d37
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-3ubuntu1.3_amd64.deb
Size/MD5: 61188 55d3822a066db6ca026e73cc93757e2e
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
3ubuntu1.3_amd64.deb
Size/MD5: 51876 fb2c92a4afb0b98b825cc4090dce68ca
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-3ubuntu1.3_amd64.deb
Size/MD5: 29392 cf935431db7ad29b89510c15fcea7b85
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-3ubuntu1.3_amd64.deb
Size/MD5: 79636 6a8b6cd4849cef83a6da185271a11f40
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-3ubuntu1.3_amd64.deb
Size/MD5: 30374 abb1702cd5fc077f35db186e688afbce

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-3ubuntu1.3_i386.deb
Size/MD5: 114930 01d5cf77762f6acdfbbecb07e37684a3
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-3ubuntu1.3_i386.deb
Size/MD5: 489742 9043ef6e64721b9594e869d725c674e2
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-3ubuntu1.3_i386.deb
Size/MD5: 57322 cdd78ca9617f4eeb24777b58eb67a202
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
3ubuntu1.3_i386.deb
Size/MD5: 46834 8219c2942dd086c943c40faf9bfb389f
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-3ubuntu1.3_i386.deb
Size/MD5: 28940 a3814e2973e4609d64fe70e4a7f861eb
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-3ubuntu1.3_i386.deb
Size/MD5: 69350 db94b20cefcaebffab4eea67565b9649
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-3ubuntu1.3_i386.deb
Size/MD5: 29776 ccbcc61c7f92df0d171e065ff4204f73

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-3ubuntu1.3_powerpc.deb
Size/MD5: 127004 b424f598b097fb156b536320ce170079
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-3ubuntu1.3_powerpc.deb
Size/MD5: 557220 fc50aba3f599c50adbf0358a2b78c5f2
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-3ubuntu1.3_powerpc.deb
Size/MD5: 61250 05d241db1f4e3c99509d429d761a418a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
3ubuntu1.3_powerpc.deb
Size/MD5: 52888 44bedf0db1b7eaec32e7c4c040a80fc8
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-3ubuntu1.3_powerpc.deb
Size/MD5: 29522 e89eb0728dc6b46cef2a4421872c20c9
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-3ubuntu1.3_powerpc.deb
Size/MD5: 89106 ce852114e4f3c91b5ed12bb706cfdef8
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-3ubuntu1.3_powerpc.deb
Size/MD5: 32670 c18a2c412a2c17040288757ab41ecec8

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-12ubuntu0.2.diff.gz
Size/MD5: 273336 1dd9d49f0e6ca1c4ad0cd6f4204e335b
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-12ubuntu0.2.dsc
Size/MD5: 889 c511e2aa94e679e9eff82adcbee08b41
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
.orig.tar.gz
Size/MD5: 1772513 9fd126e5dff51cc8c1eee223c252a4af

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/ldirectord_=
1.2.3-12ubuntu0.2_all.deb
Size/MD5: 45854 750a984cbd6ce9c1dd0097a4198f0ca3

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-12ubuntu0.2_amd64.deb
Size/MD5: 127776 1d448a189109479077a8290a5c659026
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-12ubuntu0.2_amd64.deb
Size/MD5: 541888 e0f612fd655b1a1b47a5797e9f9622e4
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-12ubuntu0.2_amd64.deb
Size/MD5: 62304 b0971134f0e63d0b04b1eacf4c106a92
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
12ubuntu0.2_amd64.deb
Size/MD5: 52604 f6bbc5928693d83eedba3b40538539af
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-12ubuntu0.2_amd64.deb
Size/MD5: 30608 f9be97032f2d07d84b0eba62d4e25fd1
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-12ubuntu0.2_amd64.deb
Size/MD5: 87998 e88a8156ecd5937680b26fa332b14d02
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-12ubuntu0.2_amd64.deb
Size/MD5: 37580 2c9e9822d627dd2ad97d9b1183a71784

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-12ubuntu0.2_i386.deb
Size/MD5: 116680 84e0c3ea4dbc8c300fd05b2f62ded9f6
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-12ubuntu0.2_i386.deb
Size/MD5: 497468 6cf607fd94755e6c1076447a4c92ec80
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-12ubuntu0.2_i386.deb
Size/MD5: 57882 1e3f7e8e476f1907d6b0d1a4b627536e
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
12ubuntu0.2_i386.deb
Size/MD5: 46858 d0ab201dec6e864c7e41214fbc9be9cf
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-12ubuntu0.2_i386.deb
Size/MD5: 30072 ad5f9a1b7dc521710292ec3518b5f165
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-12ubuntu0.2_i386.deb
Size/MD5: 77104 7e350144a07fe09f10b32750a1c61e9e
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-12ubuntu0.2_i386.deb
Size/MD5: 37036 e5752110be935d33c7aa349bbae973be

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-12ubuntu0.2_powerpc.deb
Size/MD5: 129432 0db3a97b8ffaaaec28c6077cdaa91106
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-12ubuntu0.2_powerpc.deb
Size/MD5: 566250 aa6f9a94380dd0c8f35c4162f9a7190a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-12ubuntu0.2_powerpc.deb
Size/MD5: 62180 0d6d9ae143eae7d1ac08ae16b72fe1cd
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
12ubuntu0.2_powerpc.deb
Size/MD5: 53504 b1909517f0120923db76a60353063e82
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-12ubuntu0.2_powerpc.deb
Size/MD5: 30662 8ea1cef321861f731a378d05148813c3
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-12ubuntu0.2_powerpc.deb
Size/MD5: 99326 de0e40548345390131f98a1c917b83c6
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-12ubuntu0.2_powerpc.deb
Size/MD5: 40162 f3316b95e6b3c0861da907dc38f5554f

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.3-12ubuntu0.2_sparc.deb
Size/MD5: 122256 c51178df35945992e5e9f8967f0b7fed
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.3=
-12ubuntu0.2_sparc.deb
Size/MD5: 511418 31cd378ecd6e5c8b2c931de714371de1
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.3-12ubuntu0.2_sparc.deb
Size/MD5: 63178 f53d5ea5ab878aed6e4a4961dfee1971
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.3-=
12ubuntu0.2_sparc.deb
Size/MD5: 49732 c8a599ba808d32c2b0c04c5b96d9f5d2
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.3-12ubuntu0.2_sparc.deb
Size/MD5: 30374 b44d9b7a067d08c6c2960019b64e9f61
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.3-12ubuntu0.2_sparc.deb
Size/MD5: 81104 66622f1b3ed5fde44f2a6a50f85ca6c1
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.3-12ubuntu0.2_sparc.deb
Size/MD5: 37230 eba867c3d200dc0249cebd2da630b072

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
-2ubuntu0.2.diff.gz
Size/MD5: 2894 e5ad9377750f020b54f650d4163dc172
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
-2ubuntu0.2.dsc
Size/MD5: 912 7ec8149d4ebbb71b24697fffe83767d3
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
.orig.tar.gz
Size/MD5: 2102978 7e3f752af06c25f7141c4b67a538e718

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/ldirectord_=
1.2.4-2ubuntu0.2_all.deb
Size/MD5: 48766 6cb064dbd5c94e2da32eb0e9b02d49c9

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.4-2ubuntu0.2_amd64.deb
Size/MD5: 133098 2f223c39712a7235c8f8c7c2a21e09c2
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
-2ubuntu0.2_amd64.deb
Size/MD5: 526412 48cc81aa739fba9f3410bf3a51e5d331
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.4-2ubuntu0.2_amd64.deb
Size/MD5: 64332 a73aeb5dbf95e3d5ae5c57056d4cf91e
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.4-=
2ubuntu0.2_amd64.deb
Size/MD5: 54446 d73f641c1e9487fff2c2fb22f017e5ea
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.4-2ubuntu0.2_amd64.deb
Size/MD5: 32496 d553b22e8e75370082a5dd002796e88a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.4-2ubuntu0.2_amd64.deb
Size/MD5: 104152 8c6d557471a0f3238e7f4238eaec3f60
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.4-2ubuntu0.2_amd64.deb
Size/MD5: 39478 99820cf60c7ce7fb9f079dffca1115c8

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.4-2ubuntu0.2_i386.deb
Size/MD5: 121174 8a60debc025bbceb68a418289166e90f
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
-2ubuntu0.2_i386.deb
Size/MD5: 486972 2b0b999e0088dfc3d8b9b2751fd111e5
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.4-2ubuntu0.2_i386.deb
Size/MD5: 59820 a0b6a5acbad1c81dab74b90bbe6e9998
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.4-=
2ubuntu0.2_i386.deb
Size/MD5: 48574 9052de56fdb50c08b2e38a2c7116cab8
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.4-2ubuntu0.2_i386.deb
Size/MD5: 32022 f3fadd9eddcaf0efa3bb3b800ead25f6
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.4-2ubuntu0.2_i386.deb
Size/MD5: 91034 dda9ce215fdff5f6b59a193d3601faa2
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.4-2ubuntu0.2_i386.deb
Size/MD5: 38924 fbf4e15399628d362eb99624bb873d7d

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.4-2ubuntu0.2_powerpc.deb
Size/MD5: 134860 b7fa774f4ea883381f4907178c56133a
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
-2ubuntu0.2_powerpc.deb
Size/MD5: 551472 b36b62324ff4f89ced239c2a9b4e71f0
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.4-2ubuntu0.2_powerpc.deb
Size/MD5: 64242 667a1c57b8023835f8db5eaedbf81a5b
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.4-=
2ubuntu0.2_powerpc.deb
Size/MD5: 55304 02113649bbb20e24d29297a61e9f600c
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.4-2ubuntu0.2_powerpc.deb
Size/MD5: 32608 94fd3022620af4641c7533928a498aae
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.4-2ubuntu0.2_powerpc.deb
Size/MD5: 117438 788421eb2b921e6fc1ee547e2de62f95
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.4-2ubuntu0.2_powerpc.deb
Size/MD5: 41976 22e5d2006315777b2ac9cbd4b5d25561

sparc architecture (Sun SPARC/UltraSPARC)

http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat-dev_1=
.2.4-2ubuntu0.2_sparc.deb
Size/MD5: 126650 18703847139c2204ea39a5a8a03b4d00
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/heartbeat_1.2.4=
-2ubuntu0.2_sparc.deb
Size/MD5: 498094 b4efa8560d04b45abb0e4b28ac59d788
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils-dev_1.2=
.4-2ubuntu0.2_sparc.deb
Size/MD5: 65200 f74c41bc9b1f6149e38cf18ac499a5ad
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libpils0_1.2.4-=
2ubuntu0.2_sparc.deb
Size/MD5: 51586 145b8036334b7ecca86743d9af207a3b
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith-dev_=
1.2.4-2ubuntu0.2_sparc.deb
Size/MD5: 32238 884d357c9090519c59e5a8ea1e522e66
http://security.ubuntu.com/ubuntu/pool/main/h/heartbeat/libstonith0_1.2=
.4-2ubuntu0.2_sparc.deb
Size/MD5: 95846 f63ac7f74cbb963617bededd1e8709e5
http://security.ubuntu.com/ubuntu/pool/universe/h/heartbeat/stonith_1.2=
.4-2ubuntu0.2_sparc.deb
Size/MD5: 39080 cc7a891f39c33ac01aae1beab0a74de3

--hUH5gZbnpyIv7Mn4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE4xIXDecnbV4Fd/IRAuwLAJ96mUone0PHl/4fZ0fTPisRZY4PswCg6FIW
aZBxjfjFscgtvXHkNcxki7g=
=kmSw
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_335_1_heartbeat_vulnerability.html)