Updated corosync packages fix security vulnerability
Publication date: 05 Apr 2025Modification date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30472
Description
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet. (CVE-2025-30472)
References
SRPMS
9/core
- corosync-3.1.7-1.1.mga9