
Ubuntu 24.10: USN-7478-1 critical: Corosync denial of service

May 5, 2025
Corosync on Ubuntu is vulnerable to a denial of service; apply the updated packages promptly to keep affected systems stable.

Summary

Corosync could be made to crash if it received specially crafted network
traffic.

Software Description:

- corosync: cluster engine daemon and utilities

Details:

It was discovered that Corosync incorrectly handled certain large UDP
packets. If encryption is disabled, or an attacker knows the encryption
key, this issue could be used to cause Corosync to crash, resulting in a
denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   corosync                        3.1.8-2ubuntu1.1

Ubuntu 24.04 LTS
   corosync                        3.1.7-1ubuntu3.1

Ubuntu 22.04 LTS
   corosync                        3.1.6-1ubuntu1.1

Ubuntu 20.04 LTS
   corosync                        3.0.3-2ubuntu2.2

After a standard system update you need to restart Corosync to make all the
necessary changes.
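
A way to check a host against the fixed versions listed above, as an added example that is not part of the Ubuntu notice. The function names and the `check` argument are assumptions of this example; the version strings are copied from the table in this advisory.

```shell
#!/bin/sh
# Added example: compare an installed corosync package with the
# USN-7478-1 fixed version for the host's Ubuntu release.

# Fixed versions from the advisory table, keyed by os-release VERSION_ID.
fixed_version_for() {
    case "$1" in
        24.10) echo "3.1.8-2ubuntu1.1" ;;
        24.04) echo "3.1.7-1ubuntu3.1" ;;
        22.04) echo "3.1.6-1ubuntu1.1" ;;
        20.04) echo "3.0.3-2ubuntu2.2" ;;
        *)     return 1 ;;   # release not listed in the advisory
    esac
}

# version_ge A B: succeed when A >= B in Debian version order.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for hosts without dpkg: GNU sort -V only approximates
        # dpkg ordering, which is enough for the versions in this table.
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# corosync_status RELEASE INSTALLED
# Prints one of: patched | vulnerable | unknown-release
corosync_status() {
    fixed=$(fixed_version_for "$1") || { echo "unknown-release"; return 0; }
    if version_ge "$2" "$fixed"; then echo "patched"; else echo "vulnerable"; fi
}

# Query the live host only when run as: sh script.sh check
if [ "${1:-}" = "check" ]; then
    . /etc/os-release
    installed=$(dpkg-query -W -f='${Version}' corosync 2>/dev/null) || {
        echo "corosync is not installed"; exit 0; }
    echo "corosync $installed on Ubuntu $VERSION_ID:" \
         "$(corosync_status "$VERSION_ID" "$installed")"
fi
```

A `patched` result reflects only the package on disk; the running daemon still needs the restart described above.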

References

https://ubuntu.com/security/notices/USN-7478-1

CVE-2025-30472

Severity
critical

Ubuntu Security Notice USN-7478-1
