Ubuntu CVE Tracker
CVE-2018-1084
Priority: Medium
Description
corosync before version 2.4.4 is vulnerable to an integer overflow in
exec/totemcrypto.c.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1084
http://www.openwall.com/lists/oss-security/2018/04/12/2
https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
https://ubuntu.com/security/notices/USN-4000-1
Bugs
https://bugzilla.redhat.com/show_bug.cgi?id=1552830
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895653
Assigned-to: leosilva
Notes
Package
Source: corosync (LP, Ubuntu, Debian)
Upstream: needs-triage
Ubuntu 18.04 LTS: released (2.4.3-0ubuntu1.1)
Ubuntu 16.04 ESM: released (2.3.5-3ubuntu2.3)
Ubuntu 14.04 ESM: DNE (trusty was needed)
Patches:
Upstream: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
Upstream: https://github.com/corosync/corosync/commit/50e17ffc736f0052e921c861b6953ba8938e4103
Upstream: https://github.com/corosync/corosync/commit/520a7085b06cb0383a4f92bb0d7fbb748d9e97fe
Upstream: https://github.com/corosync/corosync/commit/08cb2372cd3bd63a910c2618a2cc86cad8885d78
Upstream: https://github.com/corosync/corosync/commit/b25b029fe186bacf089ab8136da58390945eb35c
Updated: 2022-04-13 13:11:03 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)