Bulletin d'alerte Debian

DSA-761-2 heartbeat -- Fichiers temporaires non sécurisés

Date du rapport:

19 juillet 2005

Paquets concernés:

heartbeat

Vulnérabilité:

Oui

Références dans la base de données de sécurité:

Dans le dictionnaire CVE du Mitre : CVE-2005-2231.

Pour plus d'information:

La mise à jour de sécurité DSA 761-1 pour pdns contenait un bogue qui introduisait une régression. Ce problème est corrigé avec ce bulletin. Vous trouverez ci-dessous, à titre de rappel, le texte original du bulletin :

Eric Romang a découvert plusieurs créations de fichier temporaire non sécurisées dans heartbeat, le sous-système pour la haute disponibilité sous Linux.

Pour l'ancienne distribution stable (Woody), ces problèmes ont été corrigés dans la version 0.4.9.0l-7.3.

Pour l'actuelle distribution stable (Sarge), ces problèmes ont été corrigés dans la version 1.2.3-9sarge3.

Pour la distribution instable (Sid), ces problèmes ont été corrigés dans la version 1.2.3-12.

Nous vous recommandons de mettre à jour votre paquet heartbeat.

Corrigé dans:

Debian GNU/Linux 3.0 (woody)

Source :: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3.dsc; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3.diff.gz; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_0.4.9.0l-7.3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.3_sparc.deb

Debian GNU/Linux 3.1 (sarge)

Source :: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.dsc; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3.diff.gz; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3.orig.tar.gz
Composant indépendant de l'architecture :: http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_1.2.3-9sarge3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_alpha.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_arm.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_i386.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_ia64.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_hppa.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_m68k.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mips.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_mipsel.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_powerpc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_s390.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_1.2.3-9sarge3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat-dev_1.2.3-9sarge3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils-dev_1.2.3-9sarge3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libpils0_1.2.3-9sarge3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_1.2.3-9sarge3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_1.2.3-9sarge3_sparc.deb; http://security.debian.org/pool/updates/main/h/heartbeat/stonith_1.2.3-9sarge3_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.

Les sommes MD5 des fichiers indiqués sont disponibles dans la nouvelle annonce de sécurité.