{"affected":[{"ecosystem_specific":{"binaries":[{"corosync":"2.3.6-9.13.1","libcorosync4":"2.3.6-9.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 12 SP3","name":"corosync","purl":"pkg:rpm/suse/corosync&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3.6-9.13.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libcorosync-devel":"2.3.6-9.13.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP3","name":"corosync","purl":"pkg:rpm/suse/corosync&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.3.6-9.13.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for corosync fixes the following issue:\n- CVE-2018-1084: Integer overflow in totemcrypto:authenticate_nss_2_3() could lead to command execution (bsc#1089346)\n- Providing an empty uid or gid results in coroparse adding uid 0. (bsc#1066585)\n- Fix a problem with configuration file incompatibilities that was causing corosync to not\n  work after upgrading from SLE-11-SP4-HA to SLE-12/15-HA. (bsc#1083561)\n","id":"SUSE-SU-2018:1121-1","modified":"2018-05-02T06:02:49Z","published":"2018-05-02T06:02:49Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181121-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1066585"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083561"},{"type":"REPORT","url":"https://bugzilla.suse.com/1089346"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1084"}],"related":["CVE-2018-1084"],"summary":"Security update for corosync","upstream":["CVE-2018-1084"]}