ALSA-2026:13644

[ALSA-2026:13644] Moderate: corosync security update

Type:

security

Severity:

moderate

Release date:

2026-05-13

Description:

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software.  

Security Fix(es):  

  * corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)
  * corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	corosynclib-3.1.9-2.el10_1.1.aarch64.rpm	8af843324fea435fb7f2d8af204f49dde2833fdf14e240a9217622278a08183e
aarch64	corosync-vqsim-3.1.9-2.el10_1.1.aarch64.rpm	ee3b82c71531f0a5fd8ceb8ac657483eeb17fa872e8c8e191db4d232ba581230
ppc64le	corosynclib-devel-3.1.9-2.el10_1.1.ppc64le.rpm	350c707dbb8d24720ab0e4c82cc1d02973b618ab9ff0ae61a56ca593f885b664
ppc64le	corosynclib-3.1.9-2.el10_1.1.ppc64le.rpm	865673afb1d412600af4bde70ea79e1fa26cb1d88bf8a86dc92e7f57cc3fd900
ppc64le	corosync-3.1.9-2.el10_1.1.ppc64le.rpm	9050f9af0048ff70fca362e7d966d763f8695b41820f5a11f32ae84e1b0a1abd
ppc64le	corosync-vqsim-3.1.9-2.el10_1.1.ppc64le.rpm	a4b0a92a3062b4a1114c59ba75064c783b9e635dc606dec6db9d1508c1c24521
s390x	corosynclib-devel-3.1.9-2.el10_1.1.s390x.rpm	2a0acd208741bf384fcceddea21858debae6322c7f1428704191dcea1f7a7b3a
s390x	corosync-3.1.9-2.el10_1.1.s390x.rpm	741dd32f4bdc91f131104ddda0e0f45c6aebbd1fd1c3fa2e6301ed6f84cde3ad
s390x	corosync-vqsim-3.1.9-2.el10_1.1.s390x.rpm	e5f4d32a9975911d240b3bbc0ce27378e3d4b7ef492e466ad0e155a0412079c4
s390x	corosynclib-3.1.9-2.el10_1.1.s390x.rpm	fa688ba04412089612d5078d4b8b23f395b419a826f96e16b4f0e588988c3592
x86_64	corosynclib-3.1.9-2.el10_1.1.x86_64.rpm	1065296ac7e0b78de612abfb2dd4365f3c6549b959d4648aa312310b0d2c69b9
x86_64	corosync-3.1.9-2.el10_1.1.x86_64.rpm	14c9d705b42185ca3da078e299205b93c0c49b085b7d9ece7b16657b3eded1f9
x86_64	corosync-vqsim-3.1.9-2.el10_1.1.x86_64.rpm	3f5f6be500cbeedc4776e5eec60d026298fb598a14ce2861769a9ce90f2a3fd0
x86_64	corosynclib-devel-3.1.9-2.el10_1.1.x86_64.rpm	a1a5daf3af09f97581b57c60311296a2439e04cec29f25292466fa4c0b4adad9
x86_64_v2	corosync-vqsim-3.1.9-2.el10_1.1.x86_64_v2.rpm	0bb1fa48597fbdaaa7e221507c58e7191c7f1c4653af9c38b602282a0b5dad48
x86_64_v2	corosynclib-devel-3.1.9-2.el10_1.1.x86_64_v2.rpm	56485296ef7bad9d08eb1196ec221fb6d0213acf7628301beec7dd04636eb6dc
x86_64_v2	corosync-3.1.9-2.el10_1.1.x86_64_v2.rpm	921c598b148958b275c665bc1c54e8d50f373ebee6c197bd238c482012e7bade
x86_64_v2	corosynclib-3.1.9-2.el10_1.1.x86_64_v2.rpm	ab3ac83f711763ab3d441636d03b24d4ee2190345accddc3e3a59e1c201bb058

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.