UbuntuUpdates.org

Package "corosync"

Name: corosync

Description:

cluster engine daemon and utilities
Latest version: 3.1.6-1ubuntu1.2
Release: jammy (22.04)
Level: updates
Repository: main
Homepage: https://corosync.github.io/corosync/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "corosync"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "corosync" in Jammy

Repository Area Version
base main 3.1.6-1ubuntu1
base universe 3.1.6-1ubuntu1
security main 3.1.6-1ubuntu1.2
security universe 3.1.6-1ubuntu1.2
updates universe 3.1.6-1ubuntu1.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.1.6-1ubuntu1.2 2026-04-13 22:08:15 UTC

  corosync (3.1.6-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via wrong return value
    - debian/patches/CVE-2026-35091.patch: return error if sanity check
      fails in exec/totemsrp.c.
    - CVE-2026-35091
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2026-35092.patch: fix integer overflow in
      memb_join_sanity in exec/totemsrp.c.
    - CVE-2026-35092

 -- Marc Deslauriers <email address hidden> Fri, 10 Apr 2026 08:40:45 -0400
Source diff to previous version
CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit toke
CVE-2026-35092 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacke

Version: 3.1.6-1ubuntu1.1 2025-05-05 20:07:54 UTC

  corosync (3.1.6-1ubuntu1.1) jammy-security; urgency=medium

  * SECURITY UPDATE: stack buffer overflow
    - debian/patches/CVE-2025-30472.patch: check size of orf_token msg in
      exec/totemsrp.c.
    - CVE-2025-30472

 -- Marc Deslauriers <email address hidden> Thu, 27 Mar 2025 14:22:57 -0400
CVE-2025-30472 Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_con


About   -   Send Feedback to @ubuntu_updates