Red Hat Product Errata RHSA-2026:13644 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13644 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux High Availability for x86_64 10 x86_64 Red Hat Enterprise Linux High Availability for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux High Availability for IBM z Systems 10 s390x Red Hat Enterprise Linux High Availability for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM corosync-3.1.9-2.el10_1.1.src.rpm SHA-256: b9b4778261676f45bf9c9d819a273ec173dc3228aed8efe8d193408fac82a8d3 x86_64 corosync-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: ee0e8a4718fd2fb8f885f8aba4f1e06f9b600252bff8038c820f0f163f1bfa1e corosync-debugsource-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 6bae6df333f4da4c9025495b0b58257b00d479aee4c67489860815d89a46ef32 corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: ce0dc0dc7a4aca12ef41b0c0d2313f74c7797a687c4bbc916b10bb2a299f30f7 corosynclib-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: f9e8adb307f6f0ff3c82e12c46eaf98eb683cca42df3658e8c4ed2cf8f1b43b3 corosynclib-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 88ee8a7b1a46a01cf8669b47424eb3751a667de2f5e1b58ae248c59dd316dd54 Red Hat Enterprise Linux for IBM z Systems 10 SRPM corosync-3.1.9-2.el10_1.1.src.rpm SHA-256: b9b4778261676f45bf9c9d819a273ec173dc3228aed8efe8d193408fac82a8d3 s390x corosync-debuginfo-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 5c3665385480cfc8745580961bb85c65ae0096a985b8f0467e52edea80d612c5 corosync-debugsource-3.1.9-2.el10_1.1.s390x.rpm SHA-256: b1665076ee3ba07be05c1b74662e28fde2ade721128677081e6d5a3c90c9dec9 corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 6ffef022476068fc3230fc8ae2b5ba3f59fac1ec3bd5a256da21623848b5e18c corosynclib-3.1.9-2.el10_1.1.s390x.rpm SHA-256: f71511ee2d8ea871da18fea1126ef10f0db840e3e12732753cf1cfb940df4946 corosynclib-debuginfo-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 9c3405f982a54858817d83de421fa1e436b671797a7b45ee65e1bf64817158c7 Red Hat Enterprise Linux for Power, little endian 10 SRPM corosync-3.1.9-2.el10_1.1.src.rpm SHA-256: b9b4778261676f45bf9c9d819a273ec173dc3228aed8efe8d193408fac82a8d3 ppc64le corosync-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 1be9f17de5aa4f1868ec5bb6d2ff655f1c0e41bb11448a0c1e7785b007b4cb7d corosync-debugsource-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: b62a2cedcd6f10d2f15878f6838f16b2d1c519165d9f7dc330bdf673f63b6c6d corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 281468730b53dce4590f762e40b2e47c4dc94169ae782503c38e9355e0650413 corosynclib-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 9028c4068753b33fa216311767124f8bb106801c888c2af1e1042bf89a8c0f65 corosynclib-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 28740ab3b66530a01c9df51dfe84cc98740840b5f36da8a0cf3d3a9ca9637be6 Red Hat Enterprise Linux High Availability for x86_64 10 SRPM x86_64 corosync-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 5907bd5acf088bfc8eca079755ff01eac542848f071139abd576954138128516 corosync-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: ee0e8a4718fd2fb8f885f8aba4f1e06f9b600252bff8038c820f0f163f1bfa1e corosync-debugsource-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 6bae6df333f4da4c9025495b0b58257b00d479aee4c67489860815d89a46ef32 corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: ce0dc0dc7a4aca12ef41b0c0d2313f74c7797a687c4bbc916b10bb2a299f30f7 corosynclib-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 88ee8a7b1a46a01cf8669b47424eb3751a667de2f5e1b58ae248c59dd316dd54 corosynclib-devel-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: a87c8740b604eb703badb6f824ce16183f7073c0d8470100298b65bbe05a7523 Red Hat Enterprise Linux High Availability for ARM 64 10 SRPM aarch64 corosync-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: e742ff9a7f1db318cd28ca1f19620de3aa05034ea1d07841d7d7861b8a8d84ca corosync-debuginfo-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: c11e56e93a068062d9c6e800628f47faf1c31074000c2581bb53d8f1b5f137dd corosync-debugsource-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: 3a5d47cb11fb13f903e49dea004234512dac3f4b525e4226321428b17b18e2fb corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: ecdd3b202614e3198d64e25bff7c4aa68f065ae5995792fe7d917c3d81e805b8 corosynclib-debuginfo-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: 03bc0b889aa1ecd38183a9fd081469f0cc206183d93156628e59aabb84929fce corosynclib-devel-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: d3e6cd95c9fcd5d5950d0e2e3b9dcc5e7e86357bd851414444bee18de30dec86 Red Hat Enterprise Linux for ARM 64 10 SRPM corosync-3.1.9-2.el10_1.1.src.rpm SHA-256: b9b4778261676f45bf9c9d819a273ec173dc3228aed8efe8d193408fac82a8d3 aarch64 corosync-debuginfo-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: c11e56e93a068062d9c6e800628f47faf1c31074000c2581bb53d8f1b5f137dd corosync-debugsource-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: 3a5d47cb11fb13f903e49dea004234512dac3f4b525e4226321428b17b18e2fb corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: ecdd3b202614e3198d64e25bff7c4aa68f065ae5995792fe7d917c3d81e805b8 corosynclib-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: a17c26680c502d456b26e4fa486d3155ebd56de31fc573034fdad63cb9e6298b corosynclib-debuginfo-3.1.9-2.el10_1.1.aarch64.rpm SHA-256: 03bc0b889aa1ecd38183a9fd081469f0cc206183d93156628e59aabb84929fce Red Hat Enterprise Linux High Availability for IBM z Systems 10 SRPM s390x corosync-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 26b3e6de1665f65a84d2b8c631c5bdb3b1c7ce0e873568ff8d739bba65b4e7d4 corosync-debuginfo-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 5c3665385480cfc8745580961bb85c65ae0096a985b8f0467e52edea80d612c5 corosync-debugsource-3.1.9-2.el10_1.1.s390x.rpm SHA-256: b1665076ee3ba07be05c1b74662e28fde2ade721128677081e6d5a3c90c9dec9 corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 6ffef022476068fc3230fc8ae2b5ba3f59fac1ec3bd5a256da21623848b5e18c corosynclib-debuginfo-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 9c3405f982a54858817d83de421fa1e436b671797a7b45ee65e1bf64817158c7 corosynclib-devel-3.1.9-2.el10_1.1.s390x.rpm SHA-256: 5402c526306afa1b8286e0d012052988d1143dabb2cf6216770a0ba037396e6f Red Hat Enterprise Linux High Availability for Power, little endian 10 SRPM ppc64le corosync-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 077a6cf54e748cee3be499ebac59c0e4a03a6f146b8e8863ac422af983ff432c corosync-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 1be9f17de5aa4f1868ec5bb6d2ff655f1c0e41bb11448a0c1e7785b007b4cb7d corosync-debugsource-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: b62a2cedcd6f10d2f15878f6838f16b2d1c519165d9f7dc330bdf673f63b6c6d corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 281468730b53dce4590f762e40b2e47c4dc94169ae782503c38e9355e0650413 corosynclib-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 28740ab3b66530a01c9df51dfe84cc98740840b5f36da8a0cf3d3a9ca9637be6 corosynclib-devel-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 5d46337db639bf617e880d9af6d7465a7131551455b2fe2d1056af0570b84fee Red Hat CodeReady Linux Builder for x86_64 10 SRPM x86_64 corosync-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: ee0e8a4718fd2fb8f885f8aba4f1e06f9b600252bff8038c820f0f163f1bfa1e corosync-debugsource-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 6bae6df333f4da4c9025495b0b58257b00d479aee4c67489860815d89a46ef32 corosync-vqsim-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: a98b1447c528d308e9db5e04b389dc8e7c6ffcf1460a3f61118ed336d25fcadb corosync-vqsim-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: ce0dc0dc7a4aca12ef41b0c0d2313f74c7797a687c4bbc916b10bb2a299f30f7 corosynclib-debuginfo-3.1.9-2.el10_1.1.x86_64.rpm SHA-256: 88ee8a7b1a46a01cf8669b47424eb3751a667de2f5e1b58ae248c59dd316dd54 Red Hat CodeReady Linux Builder for Power, little endian 10 SRPM ppc64le corosync-debuginfo-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 1be9f17de5aa4f1868ec5bb6d2ff655f1c0e41bb11448a0c1e7785b007b4cb7d corosync-debugsource-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: b62a2cedcd6f10d2f15878f6838f16b2d1c519165d9f7dc330bdf673f63b6c6d corosync-vqsim-3.1.9-2.el10_1.1.ppc64le.rpm SHA-256: 07801775ddffc9388756b337897344edb39c88d7a2807684c3c5
Security News
Cybersecurity news aggregator