ALAS2-2018-1014


Amazon Linux 2 Security Advisory: ALAS-2018-1014
Advisory Release Date: 2018-05-11 00:00 Pacific
Severity: Important
References: CVE-2018-1084 

Issue Overview:

Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
An integer overflow leading to an out-of-bound read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service.(CVE-2018-1084 )


Affected Packages:

corosync


Issue Correction:
Run yum update corosync to update your system.

New Packages:
src:
    corosync-2.4.3-2.amzn2.1.src

x86_64:
    corosync-2.4.3-2.amzn2.1.x86_64
    corosync-debuginfo-2.4.3-2.amzn2.1.x86_64
    corosynclib-2.4.3-2.amzn2.1.x86_64
    corosynclib-devel-2.4.3-2.amzn2.1.x86_64
    corosync-qdevice-2.4.3-2.amzn2.1.x86_64
    corosync-qnetd-2.4.3-2.amzn2.1.x86_64