Upstream has issued an advisory on April 12:
The issue is fixed upstream in 2.4.4 and the message above contains a link to the commit that fixed it.
Mageia 5 and Mageia 6 are also affected.
2.4.4 submitted to mga7.
Patched version also submitted by Shlomi to fix this for Mageia 6.
Updated corosync packages fix security vulnerability:
An integer overflow leading to an out-of-bound read was found in
authenticate_nss_2_3() in Corosync. An attacker could craft a malicious
packet that would lead to a denial of service (CVE-2018-1084).
Updated packages in core/updates_testing:
MGA6-32 on Dell Latitude D600 MATE
No installation issues. left devel out.
This is about "high availability clusters", difficult to apply to this little lappy. Anyway, tried the simpliest commands I found:
/usr/bin/corosync-blackbox: regel 32: corosync-cmapctl: opdracht niet gevonden
/usr/bin/corosync-blackbox: regel 33: corosync-cmapctl: opdracht niet gevonden
/usr/bin/corosync-blackbox: regel 34: qb-blackbox: opdracht niet gevonden
meaning : command not found
Something missing ???
error [MAIN ] Can't read file /etc/corosync/corosync.conf reason = (No such file or directory)
error [MAIN ] Corosync Cluster Engine exiting with status 8 at main.c:1208.
File is not there, but a /etc/corosync/corosync.conf.example is, and that needs manual editing to get a valid conf file, according a tutorial I found googling.
Giving up here.
Debian has issued an advisory for this on April 17: