Advisories » MGASA-2025-0127

Updated corosync packages fix security vulnerability

Publication date: 05 Apr 2025
Modification date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30472

Description

Corosync through 3.1.9, if encryption is disabled or the attacker knows
the encryption key, has a stack-based buffer overflow in
orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
(CVE-2025-30472)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34146
• https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L63W4FOTC7DCCZ5Z6IDGHNMPP3LXH2YY/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30472

SRPMS

9/core

• corosync-3.1.7-1.1.mga9