A remote denial of service flaw was found in the way Corosync, the cluster engine and application programming interfaces, performed processing of network packets. Previously the HMAC key was not initialized properly, which allowed random targeted packets to be processed by the internal process of corosync, possibly leading to a daemon crash.

References:
[1] http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097833.html
[2] http://lwn.net/Vulnerabilities/535234/
[3] https://bugs.mageia.org/show_bug.cgi?id=8905

Relevant upstream patch (might not be complete set):
[4] https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595
> Relevant upstream patch (might not be complete set):
> [4] https://github.com/corosync/corosync/commit/b3f456a8ceefac6e9f2e9acc2ea0c159d412b595

https://github.com/corosync/corosync/commit/55dc09ea237482f827333759fd45608bc9518d64
https://github.com/corosync/corosync/commit/ebb007a16c6a8d9e6f783ed82b324cb232c64be5

Complete set is 3 patches.
CVE Request: http://www.openwall.com/lists/oss-security/2013/02/01/1
This issue did NOT affect the version of the corosync package, as shipped with Red Hat Enterprise Linux 6.
Statement: Not vulnerable. This issue did not affect the version of corosync as shipped with Red Hat Enterprise Linux 6.
The CVE identifier of CVE-2013-0250 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/02/01/3