Описание
Security update for corosync
This update for corosync provides the following fixes:
- CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346)
- Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585)
- Fix a problem that was causing corosync memory to increase on ring breakup. (bsc#1083030)
- Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561)
Список пакетов
SUSE Linux Enterprise High Availability Extension 12 SP2
corosync-2.3.5-6.23.1
libcorosync4-2.3.5-6.23.1
Ссылки
- Link for SUSE-SU-2018:1130-1
- E-Mail link for SUSE-SU-2018:1130-1
- SUSE Security Ratings
- SUSE Bug 1066585
- SUSE Bug 1083030
- SUSE Bug 1083561
- SUSE Bug 1089346
- SUSE CVE CVE-2018-1084 page
Описание
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 12 SP2:corosync-2.3.5-6.23.1
SUSE Linux Enterprise High Availability Extension 12 SP2:libcorosync4-2.3.5-6.23.1
Ссылки
- CVE-2018-1084
- SUSE Bug 1089346