Advisories » MGASA-2018-0275

Updated corosync packages fix security vulnerability

Publication date: 06 Jun 2018
Modification date: 06 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1084

Description

An integer overflow leading to an out-of-bound read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service (CVE-2018-1084).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22905
• http://openwall.com/lists/oss-security/2018/04/12/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1084

SRPMS

6/core

• corosync-2.3.5-2.1.mga6