UbuntuUpdates.org

Package "corosync"

Name: corosync

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • cluster engine notification daemon
  • cluster engine votequorum simulator

Latest version: 3.1.8-2ubuntu1.1
Release: oracular (24.10)
Level: security
Repository: universe

Links



Other versions of "corosync" in Oracular

Repository Area Version
base universe 3.1.8-2ubuntu1
base main 3.1.8-2ubuntu1
security main 3.1.8-2ubuntu1.1
updates main 3.1.8-2ubuntu1.1
updates universe 3.1.8-2ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.1.8-2ubuntu1.1 2025-05-05 14:07:39 UTC

  corosync (3.1.8-2ubuntu1.1) oracular-security; urgency=medium

  * SECURITY UPDATE: stack buffer overflow
    - debian/patches/CVE-2025-30472.patch: check size of orf_token msg in
      exec/totemsrp.c.
    - CVE-2025-30472

 -- Marc Deslauriers <email address hidden> Thu, 27 Mar 2025 14:22:03 -0400

CVE-2025-30472 Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_con



About   -   Send Feedback to @ubuntu_updates