--------------------------------------------------------------------------
Debian Security Advisory DSA 174-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
October 14th, 2002                       Debian -- Debian security FAQ 
--------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
Upstream URL   :   

Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem
for High-Availability Linux.  A remote attacker could send a specially
crafted TCP packet that overflows a buffer, leaving heartbeat to
execute arbitrary code as root.

This problem has been fixed in version 0.4.9.0l-7.2 for the current
stable distribution (woody) and version 0.4.9.2-1 for the unstable
distribution (sid).  The old stable distribution (potato) doesn't
contain a heartbeat package.

We recommend that you upgrade your heartbeat package immediately if
you run internet connected servers that are heartbeat-monitored.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

      
      Size/MD5 checksum:      658 4e8837e9eb95922aa5afc247a494db5f
      
      Size/MD5 checksum:    46755 411725a4fd7aa7eef881cf51ba1a8cfb
      
      Size/MD5 checksum:   308033 1dcae9e87ad2e5c2113e91a884c1ca8e

  Architecture independent components:

      
      Size/MD5 checksum:    33118 27d3073cade1d823e0405755b9b4ebd1

  Alpha architecture:

      
      Size/MD5 checksum:   207742 bad9f314f54f855aca65766778a6c0b6
      
      Size/MD5 checksum:    15444 461b6552e2ad5ed112bbad3a13e083b7
      
      Size/MD5 checksum:    14078 1a03d5c6f3dff85bcd9a20e5b1286c79
      
      Size/MD5 checksum:    63892 3a8013ede5a68f62af818bd6f13369ea

  ARM architecture:

      
      Size/MD5 checksum:   193994 b2547bee30b2db32b8fd53943a6a0c1e
      
      Size/MD5 checksum:    15108 1e284480e2ec8e1e45c11d6035847f37
      
      Size/MD5 checksum:    13430 3424c37fbb757be208ac220636b1a3e6
      
      Size/MD5 checksum:    53572 9ee34e2dc31d9bb9eb7f430e9c259c3e

  Intel IA-32 architecture:

      
      Size/MD5 checksum:   185196 b59c131ae306280c722716ac3d54ac37
      
      Size/MD5 checksum:    14786 c5524b1271c4dd6863d16af09b3f5427
      
      Size/MD5 checksum:    13300 b95830c76892050c2f78e924a4881b6c
      
      Size/MD5 checksum:    51018 c1b98bd10d698030abde5e608a694762

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   259426 34814d6a05215a9cbd3e5c96420d16dd
      
      Size/MD5 checksum:    16156 65ff55faefafac7d4283ce57441d7d00
      
      Size/MD5 checksum:    15240 ff38757ef93dc3bf1027062c6f3bc06e
      
      Size/MD5 checksum:   100186 cc86feab05680b136abd9730a42c49c7

  HP Precision architecture:

      
      Size/MD5 checksum:   195424 bd2d9eae9a1b3dd8fefd11c30520baa7
      
      Size/MD5 checksum:    15250 93505675caf2cb172abae2219ed0e5eb
      
      Size/MD5 checksum:    13620 e6d96de79a3c2963cad57c189ce4efd8
      
      Size/MD5 checksum:    55176 d6b01189015ccf70c6cdb9e34dfa3253

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:   187538 c5d11a2c4504d6c828fa34927faa2a4a
      
      Size/MD5 checksum:    14930 9bb0a67c7b56e72a6053e3c4ab175079
      
      Size/MD5 checksum:    13466 30cab37a51d6909c46adde55df5dc98e
      
      Size/MD5 checksum:    53768 9338807e769384d2d42910905b8d7806

  Big endian MIPS architecture:

      
      Size/MD5 checksum:   185540 45d1de10e0b9c3648a8ecc64ca218533
      
      Size/MD5 checksum:    15198 a4336aa15162d94eefe5092f1e08236b
      
      Size/MD5 checksum:    13392 3eca61944f10a2465af5c2fb30009e45
      
      Size/MD5 checksum:    51178 3188ea4887b232248496e3ecc181a2c0

  Little endian MIPS architecture:

      
      Size/MD5 checksum:   185238 81527febb4de912fe2afd4dc6d268812
      
      Size/MD5 checksum:    15206 11abb4dd2097a410a5478c8ad65aca89
      
      Size/MD5 checksum:    13374 fba244b6ab2498f8992dbf76a207ef03
      
      Size/MD5 checksum:    50586 4fa3092c389d8622d710c0a382e5756a

  PowerPC architecture:

      
      Size/MD5 checksum:   187538 aa2be77ac0297e0dad79c109f3e358db
      
      Size/MD5 checksum:    14902 e131b0dfe4e60a0969ced8d58c4c8c12
      
      Size/MD5 checksum:    13412 c163239ed250b5b8644e2a411ea2f357
      
      Size/MD5 checksum:    52864 6d12535b030bd36a5652de3eaabe62c9

  IBM S/390 architecture:

      
      Size/MD5 checksum:   192056 59da9c083e9ac891c9450df298b28138
      
      Size/MD5 checksum:    14914 96ae3b7102d045ed006b6bfd3b0cba46
      
      Size/MD5 checksum:    13514 8c99f89a1a0aaa511b0a9b55669c9d78
      
      Size/MD5 checksum:    50554 84a7e86dda458b6fd5f11e71734917f8

  Sun Sparc architecture:

      
      Size/MD5 checksum:   204554 c673d5f9fe461cff9d480d5e27ef9266
      
      Size/MD5 checksum:    15250 a9f2c0fd52c533eb9feb957ccd1e280e
      
      Size/MD5 checksum:    13436 6f6659414591599f5648665e8285793e
      
      Size/MD5 checksum:    68248 fd05a5e856c774272407e0be0c4a3432


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/