Advisories ยป MGASA-2025-0127

Updated corosync packages fix security vulnerability

Publication date: 05 Apr 2025
Modification date: 05 Apr 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-30472

Description

Corosync through 3.1.9, if encryption is disabled or the attacker knows
the encryption key, has a stack-based buffer overflow in
orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
(CVE-2025-30472)
                

References

SRPMS

9/core