Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 12 Apr 2018 14:16:48 +0200
From: Raphael Sanchez Prudencio <rasanche@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-1084 corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3()
 function

Description
===========

An integer overflow leading to an out-of-bound read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service.


Affected versions
=================

All versions of Corosync from 2.0.0 to 2.4.3 are vulnerable.


Patched versions
================

Corosync 2.4.4 includes the patch that fixes this vulnerability.


Credits
=======

This issue was discovered by Citrix Security Response Team.


Reference
==========

https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
https://bugzilla.redhat.com/show_bug.cgi?id=1552830

-- 
Raphael Sanchez Prudencio
Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.