Salta la barra di navigazione

• Informazioni su Debian
• Notizie
• Ottenere Debian
• Supporto
• Angolo degli sviluppatori
• Mappa del sito
• Cerca

Bacheca Debian sulla sicurezza

DSA-174-1 heartbeat -- overflow di un buffer

Data della segnalazione:

14 ott 2002

Pacchetti coinvolti:

heartbeat

Vulnerabile:

Sì

Referenze all'interno del database della sicurezza:

Nel dizionario CVE di Mitre: CVE-2002-1215.

Maggiori informazioni:

Nathan Wallwork ha scoperto un overflow di un buffer in heartbeat, un sottosistema per Linux High-Availability. Un attaccante remoto potrebbe spedire un pacchetto UDP modificato appositamente per superare il limite del buffer, lasciando heartbeat ad eseguire del codice qualsiasi.

Questo problema è stato risolto nella versione 0.4.9.0l-7.2 per la attuale distribuzione stable (woody) e nella versione 0.4.9.2-1 per la distribuzione unstable (sid). La vecchia distribuzione stable (potato) non contiene il pacchetto heartbeat.

Raccomandiamo di aggiornare il proprio pacchetto heartbeat immediatamente se i server controllati sono collegati via internet.

Risolto in:

Debian GNU/Linux 3.0 (woody)

Sorgente:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2.dsc

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2.diff.gz

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l.orig.tar.gz

Componente indipendente dall'architettura:

http://security.debian.org/pool/updates/main/h/heartbeat/ldirectord_0.4.9.0l-7.2_all.deb

Alpha:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_alpha.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_alpha.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_alpha.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_arm.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_arm.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_arm.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_i386.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_i386.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_i386.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_ia64.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_ia64.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_ia64.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_ia64.deb

HP Precision:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_hppa.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_hppa.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_hppa.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_m68k.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_m68k.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_m68k.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_mips.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_mips.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_mips.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_mipsel.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_mipsel.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_mipsel.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_powerpc.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_powerpc.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_powerpc.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_s390.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_s390.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_s390.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/h/heartbeat/heartbeat_0.4.9.0l-7.2_sparc.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith-dev_0.4.9.0l-7.2_sparc.deb

http://security.debian.org/pool/updates/main/h/heartbeat/libstonith0_0.4.9.0l-7.2_sparc.deb

http://security.debian.org/pool/updates/main/h/heartbeat/stonith_0.4.9.0l-7.2_sparc.deb

Somma di controllo MD5 per i file in elenco disponibile nella notizia originale.

Questa pagina è disponibile anche nelle lingue seguenti:

dansk Deutsch English español français 日本語 (Nihongo) Português suomi svenska

Come configurare la lingua predefinita per i documenti