Debian alert DLA-4308-1 (corosync)
From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4308-1] corosync security update
Date: Mon, 22 Sep 2025 21:29:16 +0000
Message-ID: <c453ef81-692d-6a8d-47ee-11cf38351b@alteholz.de>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4308-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 22, 2025                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : corosync
Version        : 3.1.2-2+deb11u1
CVE ID         : CVE-2025-30472

An issue has been found in corosync, a cluster engine daemon and utilities.
A stack-based buffer overflow may happen when encryption is disabled or the
attacker knows the encryption key and a large crafted UDP packet has to be
processed.

For Debian 11 bullseye, this problem has been fixed in version
3.1.2-2+deb11u1.

We recommend that you upgrade your corosync packages.

For the detailed security status of corosync please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/corosync

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
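
A host triage check for the two conditions this advisory names (package version and disabled encryption), as an added example that is not part of the advisory or of corosync. Assumptions: "encryption is disabled" is read as `crypto_cipher` being unset or `none` in the `totem` section of corosync.conf; the function names are hypothetical; the demo config and the `3.1.2-2` version string are constructed sample input.

```shell
#!/bin/sh
# Added example (not part of the advisory): triage one host for DLA-4308-1.
FIXED="3.1.2-2+deb11u1"   # fixed version for Debian 11 bullseye, per the advisory

# totem_value FILE KEY: print the last value of KEY set directly in totem { }.
totem_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                          # strip comments
        /^[ \t]*totem[ \t]*[{]/ { depth = 1; next } # enter the totem section
        depth > 0 && /[{]/ { depth++ }              # nested section such as interface
        depth > 0 && /[}]/ { depth--; next }
        depth == 1 {
            n = index($0, ":"); if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# crypto_state FILE: "enabled" if a cipher is configured, otherwise "disabled".
# Assumption: the advisory wording "encryption is disabled" corresponds to
# crypto_cipher being absent or set to "none" in the totem section.
crypto_state() {
    cipher=$(totem_value "$1" crypto_cipher)
    if [ "${cipher:-none}" != "none" ]; then echo enabled; else echo disabled; fi
}

# version_state VERSION: "fixed" if VERSION >= FIXED, "vulnerable" if older,
# "unknown" when dpkg is not available to compare Debian version strings.
version_state() {
    command -v dpkg >/dev/null 2>&1 || { echo unknown; return 0; }
    if dpkg --compare-versions "$1" ge "$FIXED"; then echo fixed; else echo vulnerable; fi
}

# Demo on a constructed corosync.conf and a constructed older version string.
demo() {
    conf=$(mktemp)
    printf 'totem {\n  version: 2\n  crypto_cipher: none\n  interface {\n    linknumber: 0\n  }\n}\n' > "$conf"
    echo "crypto: $(crypto_state "$conf")  package: $(version_state 3.1.2-2)"
    rm -f "$conf"
}
demo

# On a real Debian host:
#   version_state "$(dpkg-query -W -f='${Version}' corosync)"
#   crypto_state /etc/corosync/corosync.conf
```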