========================================================================== Ubuntu Security Notice USN-4000-1 May 30, 2019 corosync vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Corosync could be made to crash or execute arbitrary code if it received a specially crafted request. Software Description: - corosync: cluster engine daemon and utilities Details: It was discovered that Corosync incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: corosync 2.4.3-0ubuntu1.1 libtotem-pg5 2.4.3-0ubuntu1.1 Ubuntu 16.04 LTS: corosync 2.3.5-3ubuntu2.3 libtotem-pg5 2.3.5-3ubuntu2.3 After a standard system update you need to restart Corosync to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-4000-1 CVE-2018-1084 Package Information: https://launchpad.net/ubuntu/+source/corosync/2.4.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/corosync/2.3.5-3ubuntu2.3