UbuntuUpdates.org

Package "corosync-vqsim"

Name: corosync-vqsim

Description:

cluster engine votequorum simulator
Latest version: 3.1.7-1ubuntu3.2
Release: noble (24.04)
Level: updates
Repository: universe
Head package: corosync
Homepage: https://corosync.github.io/corosync/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "corosync-vqsim"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "corosync-vqsim" in Noble

Repository Area Version
base universe 3.1.7-1ubuntu3
security universe 3.1.7-1ubuntu3.2

Changelog

Version: 3.1.7-1ubuntu3.2 2026-04-13 22:08:28 UTC

  corosync (3.1.7-1ubuntu3.2) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via wrong return value
    - debian/patches/CVE-2026-35091.patch: return error if sanity check
      fails in exec/totemsrp.c.
    - CVE-2026-35091
  * SECURITY UPDATE: DoS via integer overflow
    - debian/patches/CVE-2026-35092.patch: fix integer overflow in
      memb_join_sanity in exec/totemsrp.c.
    - CVE-2026-35092

 -- Marc Deslauriers <email address hidden> Fri, 10 Apr 2026 08:40:11 -0400
Source diff to previous version
CVE-2026-35091 A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit toke
CVE-2026-35092 A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacke

Version: 3.1.7-1ubuntu3.1 2025-05-05 20:07:57 UTC

  corosync (3.1.7-1ubuntu3.1) noble-security; urgency=medium

  * SECURITY UPDATE: stack buffer overflow
    - debian/patches/CVE-2025-30472.patch: check size of orf_token msg in
      exec/totemsrp.c.
    - CVE-2025-30472

 -- Marc Deslauriers <email address hidden> Thu, 27 Mar 2025 14:22:38 -0400
CVE-2025-30472 Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_con


About   -   Send Feedback to @ubuntu_updates