
Security: Denial of Service in Corosync
Name: Denial of Service in Corosync
ID: USN-7478-1
Distribution: Ubuntu
Platforms: Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 24.10
Date: Mon, 5 May 2025, 23:04
References: https://www.cve.org/CVERecord?id=CVE-2025-30472
Applications: Corosync

Original message

From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: "ubuntu-security-announce@lists.ubuntu.com"
<ubuntu-security-announce@lists.ubuntu.com>
Message-ID: <3dabeaf1-5853-4970-8c78-f3ee9024ef26@canonical.com>
Subject: [USN-7478-1] Corosync vulnerability

==========================================================================
Ubuntu Security Notice USN-7478-1
May 05, 2025

corosync vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Corosync could be made to crash if it received specially crafted network
traffic.

Software Description:
- corosync: cluster engine daemon and utilities

Details:

It was discovered that Corosync incorrectly handled certain large UDP
packets. If encryption is disabled, or an attacker knows the encryption
key, this issue could be used to cause Corosync to crash, resulting in a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
corosync 3.1.8-2ubuntu1.1

Ubuntu 24.04 LTS
corosync 3.1.7-1ubuntu3.1

Ubuntu 22.04 LTS
corosync 3.1.6-1ubuntu1.1

Ubuntu 20.04 LTS
corosync 3.0.3-2ubuntu2.2

After a standard system update you need to restart Corosync to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-7478-1
CVE-2025-30472

Package Information:
https://launchpad.net/ubuntu/+source/corosync/3.1.8-2ubuntu1.1
https://launchpad.net/ubuntu/+source/corosync/3.1.7-1ubuntu3.1
https://launchpad.net/ubuntu/+source/corosync/3.1.6-1ubuntu1.1
https://launchpad.net/ubuntu/+source/corosync/3.0.3-2ubuntu2.2
