ELSA-2025-7478

Опубликовано: 02 июл. 2025

Источник: oracle-oval

Платформа: Oracle Linux 10

Описание

ELSA-2025-7478: corosync security update (MODERATE)

[3.1.9-1.1]

Resolves: RHEL-84612
totemsrp: Check size of orf_token msg (fixes CVE-2025-30472)

Обновленные пакеты

Oracle Linux 10

Oracle Linux aarch64

corosync

3.1.9-1.el10_0.1

corosync-vqsim

3.1.9-1.el10_0.1

corosynclib

3.1.9-1.el10_0.1

Oracle Linux x86_64

corosync

3.1.9-1.el10_0.1

corosync-vqsim

3.1.9-1.el10_0.1

corosynclib

3.1.9-1.el10_0.1

Связанные CVE

CVE-2025-30472

Ссылки на источники

Связанные уязвимости

CVE-2025-30472

CVSS3: 9

ubuntu

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 6.6

redhat

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

nvd

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVE-2025-30472

CVSS3: 9

debian

5 месяцев назад

Corosync through 3.1.9, if encryption is disabled or the attacker know ...

SUSE-SU-2025:1084-1

suse-cvrf

4 месяца назад

Security update for corosync