Red Hat Product Errata RHSA-2026:13673 - Security Advisory Issued: 2026-05-05 Updated: 2026-05-05 RHSA-2026:13673 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux High Availability for x86_64 9 x86_64 Red Hat Enterprise Linux High Availability for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux Resilient Storage for x86_64 9 x86_64 Red Hat Enterprise Linux Resilient Storage for IBM z Systems 9 s390x Red Hat Enterprise Linux High Availability for IBM z Systems 9 s390x Red Hat Enterprise Linux Resilient Storage for Power, little endian 9 ppc64le Red Hat Enterprise Linux High Availability for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for x86_64 9 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le Red Hat CodeReady Linux Builder for ARM 64 9 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM corosync-3.1.9-2.el9_7.1.src.rpm SHA-256: 9d353652eb31df9f46871ef156ed51cc8a9cf382cd29fd12cb37a95ebefda6d2 x86_64 corosync-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: b322d9a10c5c2ea135a7426ddbd8805b9480de73f7e9398ca980e3e0e1bfca58 corosync-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 44f90681ae6e46b48e8778c63ad1c266c5b359fdc9fc0e3a470d78397afb40c4 corosync-debugsource-3.1.9-2.el9_7.1.i686.rpm SHA-256: a42bd52b89bc8e948f20e1ca77d753ccf139e1f239e7d61fdc420435e9143004 corosync-debugsource-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 2b3656bfb9fabd33469fe12647be1a1372c8a61daf10393f2cc527d761a0ee47 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: db44da8acdbc66a7f3c223e10fafc92e2d13010ecec1447e18df6b2e9aee7641 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 4697d23e8d1e87c456927774b88e9dc59445c359f33602a04317c2fc3579a558 corosynclib-3.1.9-2.el9_7.1.i686.rpm SHA-256: 43bc249615d7fb4ba9a1dbc5341ecbb83863fb5e2a9fbeec7a5e4c78ffac75e1 corosynclib-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 13ecbffce39ecd001ba8e35b86941f5519669d254dc7becdbf5111a7a0bc1442 corosynclib-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: 279751e18218c43d71ce83c68b458a0b60b1bafc9be59c56fb4aeb2cf4c3def4 corosynclib-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 0f6304247468550af9fbf0ad7ca32df192a490cf69f06bb332f0224dbdb40240 Red Hat Enterprise Linux for IBM z Systems 9 SRPM corosync-3.1.9-2.el9_7.1.src.rpm SHA-256: 9d353652eb31df9f46871ef156ed51cc8a9cf382cd29fd12cb37a95ebefda6d2 s390x corosync-debuginfo-3.1.9-2.el9_7.1.s390x.rpm SHA-256: 3d09631020d752e3c21602b6e5501a2c13d817373fa259f9e21f7d4b42d5afb1 corosync-debugsource-3.1.9-2.el9_7.1.s390x.rpm SHA-256: cae0ef77e3494b1100e1464f541be048d8c87951973c25fa68a7289229cc4a85 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.s390x.rpm SHA-256: 66056a557b914567ba09236ae82ecf696c42cbe0119c878aab936645fbf09621 corosynclib-3.1.9-2.el9_7.1.s390x.rpm SHA-256: 138ea6454c87da88b3909f338fb9b1c247427bba7f2a2f5db7df6700a3a73fa8 corosynclib-debuginfo-3.1.9-2.el9_7.1.s390x.rpm SHA-256: 21933591096ce7451146292d5104d09539f0a63e1b2ba649e412de886a21c79e Red Hat Enterprise Linux for Power, little endian 9 SRPM corosync-3.1.9-2.el9_7.1.src.rpm SHA-256: 9d353652eb31df9f46871ef156ed51cc8a9cf382cd29fd12cb37a95ebefda6d2 ppc64le corosync-debuginfo-3.1.9-2.el9_7.1.ppc64le.rpm SHA-256: 59bcbcbdc5967a64b15073fd0896e37ae5c759d63eec6da59ad41c8fd3e1a799 corosync-debugsource-3.1.9-2.el9_7.1.ppc64le.rpm SHA-256: 7ece965180b4f3b4029b6aa1533b3567ca8dddf2ea6aa8a4448fde72c75e6bc7 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.ppc64le.rpm SHA-256: d006d2ec1a539e6159f9aaf643b7b51af8fa4f2f685819a41e02e59c9ba40a9b corosynclib-3.1.9-2.el9_7.1.ppc64le.rpm SHA-256: 35ee31c3eed6a2f67246187e48799607d1d76638af10cf3625f2e2c6239b62c7 corosynclib-debuginfo-3.1.9-2.el9_7.1.ppc64le.rpm SHA-256: 7b9f982d740739ca5a4cd60ddaa25509e815515088e40c66dc8821264f8077ff Red Hat Enterprise Linux High Availability for x86_64 9 SRPM x86_64 corosync-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: d58f9bee2cdf029ad4a8a2552c669ff531415c3dc6f453a2d8d807afc23a22fd corosync-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: b322d9a10c5c2ea135a7426ddbd8805b9480de73f7e9398ca980e3e0e1bfca58 corosync-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 44f90681ae6e46b48e8778c63ad1c266c5b359fdc9fc0e3a470d78397afb40c4 corosync-debugsource-3.1.9-2.el9_7.1.i686.rpm SHA-256: a42bd52b89bc8e948f20e1ca77d753ccf139e1f239e7d61fdc420435e9143004 corosync-debugsource-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 2b3656bfb9fabd33469fe12647be1a1372c8a61daf10393f2cc527d761a0ee47 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: db44da8acdbc66a7f3c223e10fafc92e2d13010ecec1447e18df6b2e9aee7641 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 4697d23e8d1e87c456927774b88e9dc59445c359f33602a04317c2fc3579a558 corosynclib-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: 279751e18218c43d71ce83c68b458a0b60b1bafc9be59c56fb4aeb2cf4c3def4 corosynclib-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 0f6304247468550af9fbf0ad7ca32df192a490cf69f06bb332f0224dbdb40240 corosynclib-devel-3.1.9-2.el9_7.1.i686.rpm SHA-256: ed3503cbf53b7ae51f2c83fa323dfebfe5fd7c6fad2cb719d272c794e87d715e corosynclib-devel-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: fd6a978dfdc0835967ac967187820fe348793ca1c3984be27b0f89f121795306 Red Hat Enterprise Linux High Availability for ARM 64 9 SRPM aarch64 corosync-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: 51a04cf10a560587738bcb2c8afe8d893f2989fb62128142475f55b69f10f56a corosync-debuginfo-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: e7defa7c1b7725834ac594558fa02f4e234dfea1e84150f4387cfc018b7713e4 corosync-debugsource-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: 1ca1a0221b50c39be434a91f059662cd92343d2c5c5f74d478fd821caf634572 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: eaf39ba10a8c040b28eb0191501d6758c9eeb12dbb34ccdd1099ed0f1d9cc38e corosynclib-debuginfo-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: ce206df73f20a9594edf14b58a2e6cb163573dd64d3ab92fbdacaf1621d0ad29 corosynclib-devel-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: 887dfa4c8340f2b07848e6f454b7e6823263eb4af1044a9de8714ee47fd20bab Red Hat Enterprise Linux for ARM 64 9 SRPM corosync-3.1.9-2.el9_7.1.src.rpm SHA-256: 9d353652eb31df9f46871ef156ed51cc8a9cf382cd29fd12cb37a95ebefda6d2 aarch64 corosync-debuginfo-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: e7defa7c1b7725834ac594558fa02f4e234dfea1e84150f4387cfc018b7713e4 corosync-debugsource-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: 1ca1a0221b50c39be434a91f059662cd92343d2c5c5f74d478fd821caf634572 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: eaf39ba10a8c040b28eb0191501d6758c9eeb12dbb34ccdd1099ed0f1d9cc38e corosynclib-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: 6a6458d180fdbe94b1ee19ed2887b762b13f6607864d194b0b480a71ca1a4682 corosynclib-debuginfo-3.1.9-2.el9_7.1.aarch64.rpm SHA-256: ce206df73f20a9594edf14b58a2e6cb163573dd64d3ab92fbdacaf1621d0ad29 Red Hat Enterprise Linux Resilient Storage for x86_64 9 SRPM x86_64 corosync-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: d58f9bee2cdf029ad4a8a2552c669ff531415c3dc6f453a2d8d807afc23a22fd corosync-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: b322d9a10c5c2ea135a7426ddbd8805b9480de73f7e9398ca980e3e0e1bfca58 corosync-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 44f90681ae6e46b48e8778c63ad1c266c5b359fdc9fc0e3a470d78397afb40c4 corosync-debugsource-3.1.9-2.el9_7.1.i686.rpm SHA-256: a42bd52b89bc8e948f20e1ca77d753ccf139e1f239e7d61fdc420435e9143004 corosync-debugsource-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 2b3656bfb9fabd33469fe12647be1a1372c8a61daf10393f2cc527d761a0ee47 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: db44da8acdbc66a7f3c223e10fafc92e2d13010ecec1447e18df6b2e9aee7641 corosync-vqsim-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 4697d23e8d1e87c456927774b88e9dc59445c359f33602a04317c2fc3579a558 corosynclib-debuginfo-3.1.9-2.el9_7.1.i686.rpm SHA-256: 279751e18218c43d71ce83c68b458a0b60b1bafc9be59c56fb4aeb2cf4c3def4 corosynclib-debuginfo-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: 0f6304247468550af9fbf0ad7ca32df192a490cf69f06bb332f0224dbdb40240 corosynclib-devel-3.1.9-2.el9_7.1.i686.rpm SHA-256: ed3503cbf53b7ae51f2c83fa323dfebfe5fd7c6fad2cb719d272c794e87d715e corosynclib-devel-3.1.9-2.el9_7.1.x86_64.rpm SHA-256: fd6a978dfdc0835967ac967187820fe34