[SECURITY] [DLA 4308-1] corosync security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4308-1] corosync security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Mon, 22 Sep 2025 21:29:16 +0000 (UTC)
Message-id: <[🔎] c453ef81-692d-6a8d-47ee-11cf38351b@alteholz.de>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4308-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
September 22, 2025                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : corosync
Version        : 3.1.2-2+deb11u1
CVE ID         : CVE-2025-30472

An issue has been found in corosync, a cluster engine daemon andutilities. A stack-based buffer overflow may happen when encryption isdisabled or the attacker knows the encryption key and a large crafted UDPpacket has to be processed.



For Debian 11 bullseye, this problem has been fixed in version
3.1.2-2+deb11u1.

We recommend that you upgrade your corosync packages.

For the detailed security status of corosync please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/corosync

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmjRv61fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEdCoQ/+M0NqbBrSToHqgWSydCjUS/owP/OsBShL32MCeiFdk6kNXzhKpOx7r1lM
gByzjFLxmhxHR9+NsatcO7ojDI1S/LdLGhiaTauNekBujyBbGgDvAQZcScCkO44S
3/lEsSIWp/99+u/am9K52yCPzTgGY/uAI+HCwu6ykVb7fLAa5XEzPN9lyFAF3vuH
OnDr7URRFhmFvE+e3C/zBsB4AK+vfES6LlOUb4fTqzfkDK5fGe9AYE3n4SQCuKan
3xvz3i9WPBQpceJHewdSMrhtqmkdQqRAvCBSCzbr3/3mYjWwqM4kVw9Jl2+fF0yV
bT34FU5ntmBZd1YunlRz47O/RoPXaQ4gRg6VBKl8ZoTMh0i+brmCyo5jj38bP6bj
8Mtt4YjqcEmXtwbnAynpuw/MLgaCywtP1my1iiGAymRg6oeZtyYwV6svzW77PBui
mVcipoq6fcZDFSaSD5DHEqmm5qkXQjpQi1VNpe45MIYQQm11pL+gtTbrBG8UchoC
oEcwUlmU3D51LS5p2V4ohSc3vinQvNNqZZY8FEMSivb8KvtdsHGb4MXafecfkpUc
gNZEbRRNMGY2EyOJD2o9D+Z6AsJ5OwyFrYCqpqqRu0+eW/GwMPQ5sdoVxNlVdXs5
mqCFd9NAGkxCB7C1Hp5nhPEv4g3fC7MlK6PPxR7BrLWa8Pxk7lM=
=BcrA
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4307-1] jq security update
Next by Date: [SECURITY] [DLA 4309-1] libxslt security update
Previous by thread: [SECURITY] [DLA 4307-1] jq security update
Next by thread: [SECURITY] [DLA 4309-1] libxslt security update
Index(es):
- Date
- Thread