UbuntuUpdates.org

Package "corosync"

Name: corosync

Description:

cluster engine daemon and utilities
Latest version: 3.0.3-2ubuntu2.2
Release: focal (20.04)
Level: updates
Repository: main
Homepage: https://corosync.github.io/corosync/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "corosync"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "corosync" in Focal

Repository Area Version
base main 3.0.3-2ubuntu2
base universe 3.0.3-2ubuntu2
security main 3.0.3-2ubuntu2.2
security universe 3.0.3-2ubuntu2.2
updates universe 3.0.3-2ubuntu2.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.0.3-2ubuntu2.2 2025-05-05 20:07:41 UTC

  corosync (3.0.3-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: stack buffer overflow
    - debian/patches/CVE-2025-30472.patch: check size of orf_token msg in
      exec/totemsrp.c.
    - CVE-2025-30472

 -- Marc Deslauriers <email address hidden> Thu, 27 Mar 2025 14:23:27 -0400
Source diff to previous version
CVE-2025-30472 Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_con

Version: 3.0.3-2ubuntu2.1 2021-03-30 23:06:21 UTC

  corosync (3.0.3-2ubuntu2.1) focal; urgency=medium

  * d/p/lp1911904-Don-t-lock-all-current-and-future-memory-if-can-t-in.patch:
    - Don't mlockall() if setrlimit() fails (LP: #1911904)
  * d/p/lp1918735-try-unprivileged-knet-handle-new.patch:
    - Retry knet_handle_new without privileged flag (LP: #1918735)
  * d/t: don't skip tests now that we fixed crashing in container

 -- Dan Streetman <email address hidden> Wed, 10 Mar 2021 13:00:12 -0500
1911904 corosync locks all its current and future memory
1918735 fails to start in unprivileged container


About   -   Send Feedback to @ubuntu_updates