[ClusterLabs] Corosync 2.4.4 is available at corosync.org!
jpokorny at redhat.com
Thu Apr 12 10:13:42 EDT 2018
On 12/04/18 14:33 +0200, Jan Friesse wrote:
> I am pleased to announce the latest maintenance release of Corosync
> 2.4.4 available immediately from our website at
> This release contains a lot of fixes, including fix for CVE-2018-1084.
Security related updates would preferably provide more context
as a cue for users to evaluate urgency of applying the update
(or particular patch as denote below) and/or to consider the
That being said, there was this announcement at the oss-security list
earlier today: http://www.openwall.com/lists/oss-security/2018/04/12/2
from which I quote:
An integer overflow leading to an out-of-bound read was found
in authenticate_nss_2_3() in Corosync. An attacker could craft
a malicious packet that would lead to a denial of service.
> Complete changelog for 2.4.4:
> totemcrypto: Check length of the packet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the Users