The problem can be corrected by upgrading the affected package to
version 1.2.2-8ubuntu0.1 (for Ubuntu 4.10), or 1.2.3-3ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Eric Romang discovered that heartbeat created temporary files in an
insecure manner. This could allow a symlink attack to create or
overwrite arbitrary files with root privileges as soon as heartbeat is