Описание
Security update for corosync
This update for corosync fixes the following issues:
- CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346)
- Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585)
- Fix a problem with configuration file incompatibilities that was causing corosync to not work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561)
This update was imported from the SUSE:SLE-12-SP3:Update update project.
Список пакетов
openSUSE Leap 42.3
corosync-2.3.6-10.1
corosync-testagents-2.3.6-10.1
libcorosync-devel-2.3.6-10.1
libcorosync4-2.3.6-10.1
libcorosync4-32bit-2.3.6-10.1
Ссылки
- E-Mail link for openSUSE-SU-2018:1136-1
- SUSE Security Ratings
Описание
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Затронутые продукты
openSUSE Leap 42.3:corosync-2.3.6-10.1
openSUSE Leap 42.3:corosync-testagents-2.3.6-10.1
openSUSE Leap 42.3:libcorosync-devel-2.3.6-10.1
openSUSE Leap 42.3:libcorosync4-2.3.6-10.1
Ссылки
- CVE-2018-1084
- SUSE Bug 1089346