Gentoo Linux Security Advisory GLSA 200608-23 - Yan Rong Ge discovered that the peel_netstring() function in cl_netstring.c does not validate the length parameter of user input, which can lead to an out-of-bounds memory access when processing certain Heartbeat messages. Furthermore, an unspecified local DoS issue was fixed. Versions less than 2.0.7 are affected.
d82d1245d8c7ce45caa059dbffc4d0bb4951f3f0b19756cc6dad5c14c2fa28a4
Mandriva Linux Security Advisory MDKSA-2006-142 - Two vulnerabilities were discovered by Yan Rong Ge in heartbeat versions prior to 2.0.6.
04d7f5ca9d6aa8ae64008e2cb9bd5f9818095ca624edba2f81118c1dd6a64420
Debian Security Advisory 1128-1 - Yan Rong Ge discovered that wrong permissions on a shared memory page in heartbeat, the subsystem for High-Availability Linux, could be exploited by a local attacker to cause a denial of service.
1d78acd2fe62cd0f92062ec191b6bb1d1a16f8ea18c828b15e5f99c8c212378f
Ubuntu Security Notice USN-326-1 - Yan Rong Ge discovered that heartbeat did not set proper permissions for an allocated shared memory segment. A local attacker could exploit this to render the heartbeat service unavailable, causing a denial of service condition.
7600556aac7c37b758cd243710ba9b13c441db44370096f4c00c8749f5352e97