Yan Rong Ge

**Name of the Vulnerable Software and Affected Versions** High-Availability Linux versions prior to 1.2.5 High-Availability Linux versions 2.0 prior to 2.0.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash. This is achieved by exploiting the `length` parameter in a heartbeat message. **Recommendations** For High-Availability Linux versions prior to 1.2.5, update to version 1.2.5 or later. For High-Availability Linux versions 2.0 prior to 2.0.7, update to version 2.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** heartbeat versions prior to 2.0.6 ldirectord (affected versions not specified) libstonith0 (affected versions not specified) libstonith-dev (affected versions not specified) **Description** The issue allows local users to cause a denial of service via unknown vectors, possibly during a short time window on startup. Multiple vulnerabilities in the ldirectord, libstonith0, and libstonith-dev packages of the Debian GNU/Linux operating system can be exploited by a local attacker, leading to a disruption of protected information availability. **Recommendations** For heartbeat versions prior to 2.0.6, update to version 2.0.6 or later to resolve the issue. For ldirectord, libstonith0, and libstonith-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability.