Hello community, here is the log from the commit of package corosync for openSUSE:Factory checked in at 2018-04-17 11:13:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/corosync (Old) and /work/SRC/openSUSE:Factory/.corosync.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "corosync" Tue Apr 17 11:13:19 2018 rev:56 rq:596062 version:2.4.3 Changes: -------- --- /work/SRC/openSUSE:Factory/corosync/corosync.changes 2018-03-12 12:07:42.900070524 +0100 +++ /work/SRC/openSUSE:Factory/.corosync.new/corosync.changes 2018-04-17 11:13:22.706056309 +0200 @@ -1,0 +2,12 @@ +Fri Apr 13 05:17:10 UTC 2018 - [email protected] + +- (CVE-2018-1084) VUL-0: CVE-2018-1084: corosync: Integer overflow in totemcrypto(bsc#1089346) + Added: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch + +------------------------------------------------------------------- +Tue Apr 10 02:46:08 UTC 2018 - [email protected] + +- UNKNOWN version in corosync pkg-config(bsc#1088619) + Added: 0017-bsc#1088619-add-version.patch + +------------------------------------------------------------------- New: ---- 0017-bsc#1088619-add-version.patch 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ corosync.spec ++++++ --- /var/tmp/diff_new_pack.L0D7FR/_old 2018-04-17 11:13:23.394024042 +0200 +++ /var/tmp/diff_new_pack.L0D7FR/_new 2018-04-17 11:13:23.398023855 +0200 @@ -78,6 +78,8 @@ Patch21: 0014-logging-Close-before-and-open-blackbox-after-fork.patch Patch22: 0015-coverity-fixes.patch Patch23: 0016-bsc#1083561-upgrade-from-1-x-y.patch +Patch24: 0017-bsc#1088619-add-version.patch +Patch25: 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build # openais is indeed gone and should be uninstalled. Yes, we do not @@ -166,6 +168,8 @@ %patch21 -p1 %patch22 -p1 %patch23 -p1 +%patch24 -p1 +%patch25 -p1 %build %if %{with runautogen} ++++++ 0017-bsc#1088619-add-version.patch ++++++ --- /dev/null 2018-04-10 08:30:37.121221591 +0800 +++ corosync-2.4.3/.tarball-version 2018-04-10 18:30:37.907779088 +0800 @@ -0,0 +1 @@ +2.4.3 ++++++ 0018-bsc#1089346-corosync-Integer-overflow-in-totemcrypto.patch ++++++ --- corosync-2.4.3.orig/exec/totemcrypto.c 2017-10-20 20:40:19.000000000 +0800 +++ corosync-2.4.3/exec/totemcrypto.c 2018-04-13 13:01:02.864922963 +0800 @@ -736,6 +736,11 @@ unsigned char tmp_hash[hash_len[instance->crypto_hash_type]]; int datalen = *buf_len - hash_len[instance->crypto_hash_type]; + if (*buf_len <= hash_len[instance->crypto_hash_type]) { + log_printf(instance->log_level_security, "Received message is too short... ignoring"); + return -1; + } + if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) { return -1; } @@ -845,6 +850,11 @@ { struct crypto_config_header *cch = (struct crypto_config_header *)buf; + if (*buf_len <= sizeof(struct crypto_config_header)) { + log_printf(instance->log_level_security, "Received message is too short... ignoring"); + return (-1); + } + if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) { log_printf(instance->log_level_security, "Incoming packet has different crypto type. Rejecting");
