Description
Security update for corosync
This update for corosync fixes the following issues:
- CVE-2025-30472: Fixed stack buffer overflow from 'orf_token_endian_convert' (bsc#1239987)
Package list
SUSE Linux Enterprise High Availability Extension 15 SP3
corosync-2.4.6-150300.12.13.1
corosync-qdevice-2.4.6-150300.12.13.1
corosync-qnetd-2.4.6-150300.12.13.1
corosync-testagents-2.4.6-150300.12.13.1
libcfg6-2.4.6-150300.12.13.1
libcmap4-2.4.6-150300.12.13.1
libcorosync-devel-2.4.6-150300.12.13.1
libcorosync_common4-2.4.6-150300.12.13.1
libcpg4-2.4.6-150300.12.13.1
libquorum5-2.4.6-150300.12.13.1
libsam4-2.4.6-150300.12.13.1
libtotem_pg5-2.4.6-150300.12.13.1
libvotequorum8-2.4.6-150300.12.13.1
SUSE Linux Enterprise High Availability Extension 15 SP4
corosync-2.4.6-150300.12.13.1
corosync-qdevice-2.4.6-150300.12.13.1
corosync-qnetd-2.4.6-150300.12.13.1
corosync-testagents-2.4.6-150300.12.13.1
libcfg6-2.4.6-150300.12.13.1
libcmap4-2.4.6-150300.12.13.1
libcorosync-devel-2.4.6-150300.12.13.1
libcorosync_common4-2.4.6-150300.12.13.1
libcpg4-2.4.6-150300.12.13.1
libquorum5-2.4.6-150300.12.13.1
libsam4-2.4.6-150300.12.13.1
libtotem_pg5-2.4.6-150300.12.13.1
libvotequorum8-2.4.6-150300.12.13.1
SUSE Linux Enterprise High Availability Extension 15 SP5
corosync-2.4.6-150300.12.13.1
corosync-qdevice-2.4.6-150300.12.13.1
corosync-qnetd-2.4.6-150300.12.13.1
corosync-testagents-2.4.6-150300.12.13.1
libcfg6-2.4.6-150300.12.13.1
libcmap4-2.4.6-150300.12.13.1
libcorosync-devel-2.4.6-150300.12.13.1
libcorosync_common4-2.4.6-150300.12.13.1
libcpg4-2.4.6-150300.12.13.1
libquorum5-2.4.6-150300.12.13.1
libsam4-2.4.6-150300.12.13.1
libtotem_pg5-2.4.6-150300.12.13.1
libvotequorum8-2.4.6-150300.12.13.1
SUSE Linux Enterprise High Availability Extension 15 SP6
corosync-2.4.6-150300.12.13.1
corosync-qdevice-2.4.6-150300.12.13.1
corosync-qnetd-2.4.6-150300.12.13.1
corosync-testagents-2.4.6-150300.12.13.1
libcfg6-2.4.6-150300.12.13.1
libcmap4-2.4.6-150300.12.13.1
libcorosync-devel-2.4.6-150300.12.13.1
libcorosync_common4-2.4.6-150300.12.13.1
libcpg4-2.4.6-150300.12.13.1
libquorum5-2.4.6-150300.12.13.1
libsam4-2.4.6-150300.12.13.1
libtotem_pg5-2.4.6-150300.12.13.1
libvotequorum8-2.4.6-150300.12.13.1
openSUSE Leap 15.6
corosync-2.4.6-150300.12.13.1
corosync-qdevice-2.4.6-150300.12.13.1
corosync-qnetd-2.4.6-150300.12.13.1
corosync-testagents-2.4.6-150300.12.13.1
libcfg6-2.4.6-150300.12.13.1
libcfg6-32bit-2.4.6-150300.12.13.1
libcmap4-2.4.6-150300.12.13.1
libcmap4-32bit-2.4.6-150300.12.13.1
libcorosync-devel-2.4.6-150300.12.13.1
libcorosync_common4-2.4.6-150300.12.13.1
libcorosync_common4-32bit-2.4.6-150300.12.13.1
libcpg4-2.4.6-150300.12.13.1
libcpg4-32bit-2.4.6-150300.12.13.1
libquorum5-2.4.6-150300.12.13.1
libquorum5-32bit-2.4.6-150300.12.13.1
libsam4-2.4.6-150300.12.13.1
libsam4-32bit-2.4.6-150300.12.13.1
libtotem_pg5-2.4.6-150300.12.13.1
libtotem_pg5-32bit-2.4.6-150300.12.13.1
libvotequorum8-2.4.6-150300.12.13.1
libvotequorum8-32bit-2.4.6-150300.12.13.1
References
- Link for SUSE-SU-2025:1084-1
- E-Mail link for SUSE-SU-2025:1084-1
- SUSE Security Ratings
- SUSE Bug 1239987
- SUSE CVE CVE-2025-30472 page
Description
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Affected products
SUSE Linux Enterprise High Availability Extension 15 SP3:corosync-2.4.6-150300.12.13.1
SUSE Linux Enterprise High Availability Extension 15 SP3:corosync-qdevice-2.4.6-150300.12.13.1
SUSE Linux Enterprise High Availability Extension 15 SP3:corosync-qnetd-2.4.6-150300.12.13.1
SUSE Linux Enterprise High Availability Extension 15 SP3:corosync-testagents-2.4.6-150300.12.13.1
References
- CVE-2025-30472
- SUSE Bug 1239987