ALSA-2026:13673

[ALSA-2026:13673] Moderate: corosync security update

Type:

security

Severity:

moderate

Release date:

2026-05-08

Description:

The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software.  

Security Fix(es):  

  * corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)
  * corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	corosynclib-3.1.9-2.el9_7.1.aarch64.rpm	3fcd700e471c293af4e83911f1bf6bd5ab45d97bc896ca1fd5960761b825ee3f
aarch64	corosync-vqsim-3.1.9-2.el9_7.1.aarch64.rpm	4e49b5795adb57a10517789de1adf39660eb18db633df5b895a2e683bb3dc856
i686	corosynclib-3.1.9-2.el9_7.1.i686.rpm	442fe31a04a4787d160330b0a0c2a5608b458e355c68c3f27a5c0360bd4e30b9
i686	corosynclib-devel-3.1.9-2.el9_7.1.i686.rpm	528f6b3e6bc09d93b8787701f69524f48817278206ff05bba71e5e9932b4dd75
ppc64le	corosynclib-3.1.9-2.el9_7.1.ppc64le.rpm	b1507b99e0a9dbab5070fa3fbe0344d98bfb5bc773073d7a86eae560e6524c5b
ppc64le	corosync-3.1.9-2.el9_7.1.ppc64le.rpm	d8323517026f092f3b717dcea2bef2945d6b8b5e82dd7afa2c5501a00b7743ab
ppc64le	corosynclib-devel-3.1.9-2.el9_7.1.ppc64le.rpm	f7dee225b7c3e5316cb23203f83adf2d38066fdfa256a394ca6e94c5c5627aaa
ppc64le	corosync-vqsim-3.1.9-2.el9_7.1.ppc64le.rpm	f89b33abdf0cf4cc404d388fe22ce1dee45d28f742d61e9b8eb1ce5fb684ee3b
s390x	corosync-vqsim-3.1.9-2.el9_7.1.s390x.rpm	43a5a53803c8f16b9509f7cdadfde1b0326847e0cd1f5e0f730c397c7d229437
s390x	corosynclib-devel-3.1.9-2.el9_7.1.s390x.rpm	d08e6cc4a4a50edfe5f1798cbf4167a5649984b9c330f270033d9b06f64e7bba
s390x	corosynclib-3.1.9-2.el9_7.1.s390x.rpm	e803d9f40f39bd8a941311b8e219b6102497f24ce281b46fc71ff92d7bdbd286
s390x	corosync-3.1.9-2.el9_7.1.s390x.rpm	fe3573be9b235cfc01dbeab51b49d9f3b6e9b3cbdacaed154c897ff19458435e
x86_64	corosynclib-3.1.9-2.el9_7.1.x86_64.rpm	37037bff26d4ed18c83af195707a964f7474d8bbaab2da0bdc812ebd21527f14
x86_64	corosync-3.1.9-2.el9_7.1.x86_64.rpm	74565b5f484d471bd9cf6c03bee9dd51f093adeccc750fdf5ed870432943abc1
x86_64	corosynclib-devel-3.1.9-2.el9_7.1.x86_64.rpm	a1ccc698ce5ffe4e8785c9046d70968b3a41f97768210704c1b95b151f8c9877
x86_64	corosync-vqsim-3.1.9-2.el9_7.1.x86_64.rpm	c84be6ebc51ff3c2910364f61ff067492c62808559a48612c537802076fdb466

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.