Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 12 Apr 2018 14:16:48 +0200
From: Raphael Sanchez Prudencio <rasanche@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3()
 function

Description
===========

An integer overflow leading to an out-of-bound read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service.


Affected versions
=================

All versions of Corosync from 2.0.0 to 2.4.3 are vulnerable.


Patched versions
================

Corosync 2.4.4 includes the patch that fixes this vulnerability.


Credits
=======

This issue was discovered by Citrix Security Response Team.


Reference
==========

https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
https://bugzilla.redhat.com/show_bug.cgi?id=1552830

-- 
Raphael Sanchez Prudencio
Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ