34 matches found
Security Bulletin: IBM® Db2® is affected by a vulnerability in the corosync library. (CVE-2025-30472)
Summary If encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in exec/totemsrp.c via a large UDP packet. Note, this vulnerability has been fixed in Corosync 3.1.7-3 for Db2 11.5.9 and Corosync 3.1.8-6 for Db2 12.1.2 and late...
RLSA-2025:7201 Moderate: corosync security update
The corosync packages provide the Corosync Cluster Engine and C APIs for Rocky Linux cluster software. Security Fixes: corosync: Stack buffer overflow from 'orftokenendianconvert' CVE-2025-30472 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
corosync security update
An update is available for corosync. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The corosync packages provide the Corosync Cluster Engine and C APIs for...
Debian: Security Advisory (DLA-4308-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 4308-1] corosync security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4308-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz September 22, 2025 https://wiki.debian.org/LTS -...
AlmaLinux 9 : corosync (ALSA-2025:7201)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:7201 advisory. corosync: Stack buffer overflow from 'orftokenendianconvert' CVE-2025-30472 Tenable has extracted the preceding description block directly from the AlmaLinux...
Oracle Linux 10 : corosync (ELSA-2025-7478)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7478 advisory. 3.1.9-1.1 - Resolves: RHEL-84612 - totemsrp: Check size of orftoken msg fixes CVE-2025-30472 Tenable has extracted the preceding description block directly fro...
Security Bulletin: Due to use of Corosync, IBM MQ is vulnerable to a stack-based buffer overflow
Summary Corosync is used by IBM MQ as part of the RDQM component CVE-2025-30472 Vulnerability Details CVEID:CVE-2025-30472 DESCRIPTION: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orftokenendianconvert in...
RHEL 10 : corosync (RHSA-2025:7478)
The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7478 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosync: Stack...
RHEL 9 : corosync (RHSA-2025:7201)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:7201 advisory. The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fixes: corosync: Stack...
Fedora: Security Advisory (FEDORA-2025-c55f39aeb3)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-a350309ddb)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 9 : corosync (ELSA-2025-7201)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7201 advisory. - totemsrp: Check size of orftoken msg fixes CVE-2025-30472 Tenable has extracted the preceding description block directly from the Oracle Linux security...
Alibaba Cloud Linux 3 : 0066: corosync (ALINUX3-SA-2025:0066)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0066 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2025-30472: Corosync through 3.1.9, if encrypti...
Moderate: Red Hat Security Advisory: corosync security update
An update for corosync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
ALSA-2025:7201 Moderate: corosync security update
The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Stack buffer overflow from 'orftokenendianconvert' CVE-2025-30472 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
ALSA-2025:7478 Moderate: corosync security update
The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Stack buffer overflow from 'orftokenendianconvert' CVE-2025-30472 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Moderate: corosync security update
The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fixes: corosync: Stack buffer overflow from 'orftokenendianconvert' CVE-2025-30472 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
Ubuntu: Security Advisory (USN-7478-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mageia: Security Advisory (MGASA-2025-0127)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...