Candidate: CVE-2013-0250
PublicDate: 2014-06-06 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0250
 http://www.openwall.com/lists/oss-security/2013/02/01/1
Description:
 The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3
 does not properly initialize the HMAC key, which allows remote attackers to
 cause a denial of service (crash) via a crafted packet.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699615
 https://bugzilla.redhat.com/show_bug.cgi?id=906834
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_corosync:
 upstream: https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595
upstream_corosync: needs-triage
hardy_corosync: DNE
lucid_corosync: not-affected (code-not-present)
oneiric_corosync: not-affected (code-not-present)
precise_corosync: not-affected (code-not-present)
quantal_corosync: not-affected (code-not-present)
devel_corosync: not-affected (code-not-present)