[Debian-ha-maintainers] Bug#895653: corosync: CVE-2018-1084: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
Salvatore Bonaccorso
carnil at debian.org
Sat Apr 14 07:06:32 BST 2018
Source: corosync
Version: 2.4.2-3
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for corosync, tracking bug
for the BTS, although we know Ferenc is already aware.

CVE-2018-1084[0]:
| corosync before version 2.4.4 is vulnerable to an integer overflow in
| exec/totemcrypto.c.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1084
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1084
[1] http://www.openwall.com/lists/oss-security/2018/04/12/2

Regards,
Salvatore