Bug 658354 (CVE-2018-1084)

Summary: <sys-cluster/corosync-3.0.4: Integer overflow in exec/totemcrypto.c:authenticate_nss_2_3() function (CVE-2018-1084)
Product: Gentoo Security Reporter: Florian Schuhmacher <mynt1aa>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: cluster, prometheanfire, robbat2, titanofold
Priority: Normal Flags: nattka: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
See Also: https://github.com/gentoo/gentoo/pull/16803
Whiteboard: B3 [glsa? cleanup cve]
Package list:
sys-cluster/corosync-3.1.0
sys-cluster/libqb-2.0.1-r1 x86
sys-cluster/kronosnet-1.19 amd64 ppc ppc64 x86
app-admin/augeas-1.12.0 ppc ppc64
app-doc/NaturalDocs-1.52-r1 ppc64
Runtime testing required: ---

Description Florian Schuhmacher 2018-06-18 00:36:47 UTC
Potential pre-authentication buffer overflow due to integer overflow in
exec/totemcrypto.c:authenticate_nss_2_3() function can lead to denial of
service or potentially to remote code execution.

corosync before version 2.4.4 is vulnerable.

Gentoo Security Scout
Florian Schuhmacher
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2019-03-12 07:45:55 UTC
CVE-2018-1084 Detail
Current Description
corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c.
Comment 2 Sam James archtester gentoo-dev Security 2020-03-19 01:43:20 UTC
@maintainers, please create an appropriate ebuild, and call for stabilisation when ready.
Comment 3 Sam James archtester gentoo-dev Security 2020-06-20 02:04:25 UTC
ping
Comment 4 Larry the Git Cow gentoo-dev 2020-10-21 12:59:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e50ae9c2a0231556f783652e6951e49222744bd0

commit e50ae9c2a0231556f783652e6951e49222744bd0
Author:     Timo Rothenpieler <btbn@btbn.de>
AuthorDate: 2020-07-24 19:34:00 +0000
Commit:     Alexys Jacob <ultrabug@gentoo.org>
CommitDate: 2020-10-21 12:58:09 +0000

    sys-cluster/corosync: bump for 3.0.4
    
    Bug: https://bugs.gentoo.org/658354
    Signed-off-by: Timo Rothenpieler <btbn@btbn.de>
    Signed-off-by: Alexys Jacob <ultrabug@gentoo.org>

 sys-cluster/corosync/Manifest              |  1 +
 sys-cluster/corosync/corosync-3.0.4.ebuild | 69 ++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)
Comment 5 John Helmert III gentoo-dev Security 2020-10-21 14:07:47 UTC
Please stabilize when ready.
Comment 14 NATTkA bot gentoo-dev 2021-01-08 20:22:09 UTC
All sanity-check issues have been resolved
Comment 15 Sam James archtester gentoo-dev Security 2021-01-09 06:56:49 UTC
ppc64 done
Comment 16 Sam James archtester gentoo-dev Security 2021-01-10 21:58:19 UTC
amd64 done
Comment 17 Sam James archtester gentoo-dev Security 2021-01-14 23:59:13 UTC
x86 done
Comment 18 Sam James archtester gentoo-dev Security 2021-01-15 22:07:25 UTC
ppc done

all arches done
Comment 19 John Helmert III gentoo-dev Security 2021-01-15 22:12:25 UTC
Please cleanup.