Red Hat Product Errata RHSA-2026:13657 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13657 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 8 x86_64 Red Hat Enterprise Linux for IBM z Systems 8 s390x Red Hat Enterprise Linux for Power, little endian 8 ppc64le Red Hat Enterprise Linux High Availability for x86_64 8 x86_64 Red Hat Enterprise Linux High Availability for ARM 64 8 aarch64 Red Hat Enterprise Linux for ARM 64 8 aarch64 Red Hat Enterprise Linux Resilient Storage for x86_64 8 x86_64 Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8 s390x Red Hat Enterprise Linux High Availability for IBM z Systems 8 s390x Red Hat Enterprise Linux Resilient Storage for Power, little endian 8 ppc64le Red Hat Enterprise Linux High Availability for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for x86_64 8 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 8.10 aarch64 Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 8.10 s390x Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 8.10 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 8.10 ppc64le Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 8.10 s390x Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 8.10 x86_64 Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 8 SRPM corosync-3.1.8-1.el8_10.1.src.rpm SHA-256: 018afb243c009edab853ff81135223b8683a652d6a90562c4daa656e9c7c3fb3 x86_64 corosync-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 38642a9052fdccf07c5da6a1d4ef940206aa566d689c71922e8d32f0120c50d5 corosync-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: ddbcaac88d010b3c108a1f1cad6ca6a4fa9f154c35442c579006c06f0229b5f1 corosync-debugsource-3.1.8-1.el8_10.1.i686.rpm SHA-256: d4c5c5787d502f42d27ca8907ffa3b2655b86eb7704feb6d0ef5a948fe94a3a4 corosync-debugsource-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 4aa7101b2bf25fa629e790e0a30dd275bb2d5745ff00779745f868849f61babc corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 4ff001737e7fbe3acda1ba3a68d61b770843d1ee3fafa8db36f6a6887e8bd229 corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 3d57ab7de1bce8d41d84df3a41d60f1e1b6cf0d8b07d8b2c40a3a9a0b586675b corosynclib-3.1.8-1.el8_10.1.i686.rpm SHA-256: 02a8af0e94e0c78461e8973a6330f01e280bb6404d9a2e52bd5088fffddb151b corosynclib-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 3d42f18e2432e749276414ad22f7161d7b49e5d60ee4a58b39fa433b005088c6 corosynclib-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 8f70e9f59a574654de4b92e3e3474323749cb68e7b585a0fa0af109328451110 corosynclib-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: dd79a10adb37d185b53e3377e453512fd6721c09d03f47b45bcf425ca6813c9d spausedd-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 6e3030d7f69cb12b21ae5b268c68456209ee5dd0375c949c09d4b157cdd3ef96 spausedd-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: fcfe6f495eb904cebbec75c48cb8e4bf0a942da321d7069ff1358d4cb8966dab Red Hat Enterprise Linux for IBM z Systems 8 SRPM corosync-3.1.8-1.el8_10.1.src.rpm SHA-256: 018afb243c009edab853ff81135223b8683a652d6a90562c4daa656e9c7c3fb3 s390x corosync-debuginfo-3.1.8-1.el8_10.1.s390x.rpm SHA-256: d5912ec9511f25d8ac5d8222ef6d9b234d77f1fb2fe36a6b20b83d767695fe6a corosync-debugsource-3.1.8-1.el8_10.1.s390x.rpm SHA-256: 39bdbf56886b68d7207bcecd8ad80728cdef53605a61fe0a91e816f7b41960c3 corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.s390x.rpm SHA-256: 5820523a7401f19ca6642106cf35179c2ee9b2a99e7718e9a2431c097fd2b0a1 corosynclib-3.1.8-1.el8_10.1.s390x.rpm SHA-256: 33ee6cd4ec059514314080985eca9b44d9e1bca084afca31996e5c28bc28fe7e corosynclib-debuginfo-3.1.8-1.el8_10.1.s390x.rpm SHA-256: 93347fc88f2cf88904281e40e9754207f85f32b589d4bfd8221e98927270e70e spausedd-debuginfo-3.1.8-1.el8_10.1.s390x.rpm SHA-256: 148135b8aeb5abb4ce7809f4058f24264dd60c83a67e60f03462dbb91e40d169 Red Hat Enterprise Linux for Power, little endian 8 SRPM corosync-3.1.8-1.el8_10.1.src.rpm SHA-256: 018afb243c009edab853ff81135223b8683a652d6a90562c4daa656e9c7c3fb3 ppc64le corosync-debuginfo-3.1.8-1.el8_10.1.ppc64le.rpm SHA-256: 76d4f777eb24d522398ca4c2a6011a6e03f8f72e98868901f7d9723a31f3dac9 corosync-debugsource-3.1.8-1.el8_10.1.ppc64le.rpm SHA-256: 051ecfc6f449755111012235897c7c0e7463b80bb22a2995745d34b36e1c039c corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.ppc64le.rpm SHA-256: bec468a6036c71c1195cd94ef4b3d5235621fe2d67b5763c7fb53426f2662d46 corosynclib-3.1.8-1.el8_10.1.ppc64le.rpm SHA-256: 39e4035179bb80beb729193cad5854f1149103115ad87371004859a36ef15778 corosynclib-debuginfo-3.1.8-1.el8_10.1.ppc64le.rpm SHA-256: 874436d4f3581ef74810df75722dafba18094c4d1dd7927379ac8aa0dde0f61c spausedd-debuginfo-3.1.8-1.el8_10.1.ppc64le.rpm SHA-256: 19537419223774f70bfba661ff946d316d407bfe1aa9dc018a2583b25c737900 Red Hat Enterprise Linux High Availability for x86_64 8 SRPM x86_64 corosync-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: ec7893c4c51e8927c5143867b7229963add9f8d2f6ce5191ed4ed2826f296791 corosync-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 38642a9052fdccf07c5da6a1d4ef940206aa566d689c71922e8d32f0120c50d5 corosync-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: ddbcaac88d010b3c108a1f1cad6ca6a4fa9f154c35442c579006c06f0229b5f1 corosync-debugsource-3.1.8-1.el8_10.1.i686.rpm SHA-256: d4c5c5787d502f42d27ca8907ffa3b2655b86eb7704feb6d0ef5a948fe94a3a4 corosync-debugsource-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 4aa7101b2bf25fa629e790e0a30dd275bb2d5745ff00779745f868849f61babc corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 4ff001737e7fbe3acda1ba3a68d61b770843d1ee3fafa8db36f6a6887e8bd229 corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 3d57ab7de1bce8d41d84df3a41d60f1e1b6cf0d8b07d8b2c40a3a9a0b586675b corosynclib-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 8f70e9f59a574654de4b92e3e3474323749cb68e7b585a0fa0af109328451110 corosynclib-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: dd79a10adb37d185b53e3377e453512fd6721c09d03f47b45bcf425ca6813c9d corosynclib-devel-3.1.8-1.el8_10.1.i686.rpm SHA-256: 7816dd46b867c1485f4c2171e6d6016d24ccd114a14094ab27c559f5929a8ba4 corosynclib-devel-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 23c4944900de25226aa55631f71da55373da617acabf6f2ba3cacc68e3d1c3da spausedd-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: 6569c06e146a771f0035129c7d303ede769541464c00f4ea4dcc8b93cd0a4358 spausedd-debuginfo-3.1.8-1.el8_10.1.i686.rpm SHA-256: 6e3030d7f69cb12b21ae5b268c68456209ee5dd0375c949c09d4b157cdd3ef96 spausedd-debuginfo-3.1.8-1.el8_10.1.x86_64.rpm SHA-256: fcfe6f495eb904cebbec75c48cb8e4bf0a942da321d7069ff1358d4cb8966dab Red Hat Enterprise Linux High Availability for ARM 64 8 SRPM aarch64 corosync-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 9843d98cdca8226a8e1f1ab3d2d353073ed5b57abb6a2c7d292e64a3ff0c8aad corosync-debuginfo-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 141e5f79a1d0c30c760bebdd7ef2b5c17779f3e1cce54de102befe08f2894733 corosync-debugsource-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 8cd86dd68198e1ceb9ace88c334e01f351284c1f6a694c4a27d14929fd52e3f9 corosync-vqsim-debuginfo-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: c2b82a2b0cdb9c86c99ecad0c2979ac000d291f636c3ecbe4c9fb5bb3da792fa corosynclib-debuginfo-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 6edcd18fb04d658537a97b7a60732a33ad06beb5080227280a969f2f16c02a15 corosynclib-devel-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 9d1bca73cb6982e4c560f8f878435a304a704a6cd78cb14a27ebb3516b65cb57 spausedd-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 153cc9d71261cbb0b7020983202a95f3f89ebf3cdee544245de51c0c07228742 spausedd-debuginfo-3.1.8-1.el8_10.1.aarch64.rpm SHA-256: 2b8e5cf8398f3bf596a92f1e61991da0724935f08dfba3254acff3b8201d46fc Red Hat Enterprise Linux for ARM 64 8 SRPM corosync-3.1