Package name
heartbeat
Date
2005-08-09
Advisory ID
MDKSA-2005:132
Affected versions
CS3.0 i586 , CS3.0 x86_64

Problem description

Eric Romang discovered that Heartbeat would create temporary files with predictable filenames. This could allow a local attacker to create symbolic links in the temporary file directory pointing to a valid file on the filesystem which could lead to the file being overwritten by the rights of the user running the vulnerable script. The updated packages have been patched to correct this problem.

Updated packages

CS3.0 i586

 988b71b1018f73f77a94f9ac4d736ad1  corporate/3.0/RPMS/heartbeat-1.2.3-2.1.C30mdk.i586.rpm
6afa9bcec600cba453e97cfb8910eb66  corporate/3.0/RPMS/heartbeat-ldirectord-1.2.3-2.1.C30mdk.i586.rpm
02d4854a8683c467debb9a56a44123ac  corporate/3.0/RPMS/heartbeat-pils-1.2.3-2.1.C30mdk.i586.rpm
23618a86f47b4289e9c85732569cfc1b  corporate/3.0/RPMS/heartbeat-stonith-1.2.3-2.1.C30mdk.i586.rpm
c515a12308e088d3aa322de379040d0a  corporate/3.0/RPMS/libheartbeat-pils0-1.2.3-2.1.C30mdk.i586.rpm
cd30d48b40ed4d9c4e2e86d6fcb0d9c9  corporate/3.0/RPMS/libheartbeat-pils0-devel-1.2.3-2.1.C30mdk.i586.rpm
cf2081419d50b42044a69de786b3e059  corporate/3.0/RPMS/libheartbeat-stonith0-1.2.3-2.1.C30mdk.i586.rpm
f2cef6941e6d635f1f21fe651e9646b4  corporate/3.0/RPMS/libheartbeat-stonith0-devel-1.2.3-2.1.C30mdk.i586.rpm
6da3d9489adc023b552116324c70f35a  corporate/3.0/RPMS/libheartbeat0-1.2.3-2.1.C30mdk.i586.rpm
67f33aac7c08767c5b2df9fb71ad64aa  corporate/3.0/RPMS/libheartbeat0-devel-1.2.3-2.1.C30mdk.i586.rpm
0f9dc2960afa29d70f57aff6573a0559  corporate/3.0/SRPMS/heartbeat-1.2.3-2.1.C30mdk.src.rpm

CS3.0 x86_64

 1c1a953510c8d5a82c9d5774c12b915a  x86_64/corporate/3.0/RPMS/heartbeat-1.2.3-2.1.C30mdk.x86_64.rpm
7c9f07341f2d7e9e68df078365c05334  x86_64/corporate/3.0/RPMS/heartbeat-ldirectord-1.2.3-2.1.C30mdk.x86_64.rpm
5cc9ef2dbf09da3b5bad12387b9d94a0  x86_64/corporate/3.0/RPMS/heartbeat-pils-1.2.3-2.1.C30mdk.x86_64.rpm
972307d2bdf4396e2df0b4fd0c3f8007  x86_64/corporate/3.0/RPMS/heartbeat-stonith-1.2.3-2.1.C30mdk.x86_64.rpm
d2287fd3e7d1ce3cbabc8331f9f8bfea  x86_64/corporate/3.0/RPMS/lib64heartbeat-pils0-1.2.3-2.1.C30mdk.x86_64.rpm
5e523b3319eb3519420b9f651f6c5c01  x86_64/corporate/3.0/RPMS/lib64heartbeat-pils0-devel-1.2.3-2.1.C30mdk.x86_64.rpm
e3276d0abb8c2c79287fe50bf6934a8a  x86_64/corporate/3.0/RPMS/lib64heartbeat-stonith0-1.2.3-2.1.C30mdk.x86_64.rpm
c636cc202c0ffdb8132bcfbb5d2ed142  x86_64/corporate/3.0/RPMS/lib64heartbeat-stonith0-devel-1.2.3-2.1.C30mdk.x86_64.rpm
de2a839582b402dd63d9b435a956c103  x86_64/corporate/3.0/RPMS/lib64heartbeat0-1.2.3-2.1.C30mdk.x86_64.rpm
e05f6de07919d8dc994a83951ebf0794  x86_64/corporate/3.0/RPMS/lib64heartbeat0-devel-1.2.3-2.1.C30mdk.x86_64.rpm
0f9dc2960afa29d70f57aff6573a0559  x86_64/corporate/3.0/SRPMS/heartbeat-1.2.3-2.1.C30mdk.src.rpm

References