On 12/04/18 14:33 +0200, Jan Friesse wrote:
> I am pleased to announce the latest maintenance release of Corosync
> 2.4.4 available immediately from our website at
> http://build.clusterlabs.org/corosync/releases/.
>
> This release contains a lot of fixes, including fix for CVE-2018-1084.

Security related updates would preferably provide more context as a cue for users to evaluate urgency of applying the update (or particular patch as denoted below) and/or to consider the risks involved.

That being said, there was this announcement at the oss-security list earlier today:
http://www.openwall.com/lists/oss-security/2018/04/12/2
from which I quote:

  An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.

> Complete changelog for 2.4.4:
>
> [...]
>
> totemcrypto: Check length of the packet

--
Poki
_______________________________________________
Users mailing list: Users@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/users

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org
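The bug class named in the quoted advisory and the "Check length of the packet" changelog entry, as an added example that is not part of the original thread and is not Corosync's code. It assumes a packet laid out as tag followed by payload; `TAG_LEN`, `toy_tag`, `unchecked_payload_len`, `authenticate_packet` and `seal_packet` are hypothetical names, and the toy checksum stands in for a real HMAC.

```c
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 20u /* assumed size of the tag prepended to every packet */

/* Toy keyed checksum standing in for a real HMAC; not cryptographically secure. */
static void toy_tag(const uint8_t *key, size_t key_len, const uint8_t *data,
                    size_t data_len, uint8_t out[TAG_LEN])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < key_len; i++)  h = (h ^ key[i]) * 16777619u;
    for (size_t i = 0; i < data_len; i++) h = (h ^ data[i]) * 16777619u;
    for (size_t i = 0; i < TAG_LEN; i++) { out[i] = (uint8_t)(h >> 24); h = h * 16777619u + 1u; }
}

/* Payload length computed with no check: wraps to a huge value for a short packet. */
size_t unchecked_payload_len(size_t buf_len) { return buf_len - TAG_LEN; }

/* Returns 0 if the packet is long enough and its tag matches, -1 otherwise. */
int authenticate_packet(const uint8_t *key, size_t key_len,
                        const uint8_t *buf, size_t buf_len)
{
    uint8_t expect[TAG_LEN], diff = 0;
    if (buf_len <= TAG_LEN) /* length check before any subtraction or read */
        return -1;
    toy_tag(key, key_len, buf + TAG_LEN, buf_len - TAG_LEN, expect);
    for (size_t i = 0; i < TAG_LEN; i++) diff |= (uint8_t)(expect[i] ^ buf[i]);
    return diff ? -1 : 0;
}

/* Writes tag || payload into out, which must hold TAG_LEN + len bytes. */
size_t seal_packet(const uint8_t *key, size_t key_len,
                   const uint8_t *payload, size_t len, uint8_t *out)
{
    toy_tag(key, key_len, payload, len, out);
    for (size_t i = 0; i < len; i++) out[TAG_LEN + i] = payload[i];
    return TAG_LEN + len;
}

int main(void)
{
    const uint8_t key[] = "constructed-key", msg[] = "hello"; /* constructed sample input */
    uint8_t pkt[TAG_LEN + sizeof msg], runt[5] = {0};
    size_t n = seal_packet(key, sizeof key, msg, sizeof msg, pkt);
    printf("valid=%d runt=%d wrapped_len=%zu\n", authenticate_packet(key, sizeof key, pkt, n),
           authenticate_packet(key, sizeof key, runt, sizeof runt), unchecked_payload_len(sizeof runt));
    return 0;
}
```

Without the `buf_len <= TAG_LEN` test, the wrapped length would be handed to the hash routine as the number of bytes to read past the tag, which is the out-of-bound read the advisory describes.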