Overview

File _patchinfo of Package patchinfo.6022

<patchinfo incident="6022">
  <issue id="1066585" tracker="bnc">coroparse: uidgid with empty uid or gid results into add uid/gid 0</issue>
  <issue id="1083030" tracker="bnc">Corosync memory increases on ring breakup</issue>
  <issue id="1083561" tracker="bnc">[Build 489.1] Corosync is not working after upgrade from sle11sp4-ha to sle15-ha</issue>
  <issue id="1089346" tracker="bnc">VUL-0: CVE-2018-1084: corosync: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function</issue>
  <issue id="2018-1084" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>BinLiu</packager>
  <description>This update for corosync provides the following fixes:
    
- CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346)
- Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585)
- Fix a problem that was causing corosync memory to increase on ring breakup. (bsc#1083030)
- Fix a problem with configuration file incompatibilities that was causing corosync to not
  work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561)
</description>
  <summary>Security update for corosync</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places