Amazon Linux 2 Security Advisory: ALAS-2018-1014
Advisory Release Date: 2018-05-10 17:24 Pacific
Advisory Updated Date: 2018-05-11 00:00 Pacific
Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function
An integer overflow leading to an out-of-bounds read was found in authenticate_nss_2_3() in Corosync. An attacker could craft a malicious packet that would lead to a denial of service. (CVE-2018-1084)
Affected Packages:
corosync
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update corosync to update your system.
src:
corosync-2.4.3-2.amzn2.1.src
x86_64:
corosync-2.4.3-2.amzn2.1.x86_64
corosync-debuginfo-2.4.3-2.amzn2.1.x86_64
corosynclib-2.4.3-2.amzn2.1.x86_64
corosynclib-devel-2.4.3-2.amzn2.1.x86_64
corosync-qdevice-2.4.3-2.amzn2.1.x86_64
corosync-qnetd-2.4.3-2.amzn2.1.x86_64
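To confirm that the update took effect on every corosync subpackage, the following added example (not part of the advisory or of any Amazon tooling) checks package names, as printed by rpm -qa 'corosync*', against the fixed build 2.4.3-2.amzn2.1 listed above. It assumes the default name-version-release.arch output format, uses a simplified rpm-style version comparison (no epoch, '~' or '^' handling), and runs on a constructed sample.

```python
import re

# Fixed version and release, taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "2.4.3", "2.amzn2.1"

def _segments(s):
    """Split into runs of digits or letters; separators are ignored, as rpm does."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpm-style comparison (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra trailing segments win

def parse_nevra(line):
    """'corosync-qnetd-2.4.3-2.amzn2.1.x86_64' -> (name, version, release, arch)."""
    nvr, arch = line.strip().rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def needs_update(line):
    """True if the package is older than the advisory's fixed build."""
    _, version, release, _ = parse_nevra(line)
    cmp = rpmvercmp(version, FIXED_VERSION)
    if cmp == 0:
        cmp = rpmvercmp(release, FIXED_RELEASE)
    return cmp < 0

def audit(rpm_qa_output):
    """Return the package lines that still predate the fix."""
    lines = (l.strip() for l in rpm_qa_output.splitlines())
    return [l for l in lines if l and needs_update(l)]

# Constructed sample: a host where only part of the corosync set was updated.
SAMPLE = """\
corosync-2.4.3-2.amzn2.1.x86_64
corosynclib-2.4.3-2.amzn2.x86_64
corosync-qdevice-2.3.6-1.amzn2.x86_64
"""

if __name__ == "__main__":
    for pkg in audit(SAMPLE):
        print("needs update:", pkg)
```

Version and release are compared separately because a later upstream version with a lower release number must still count as fixed.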