Red Hat Product Errata RHSA-2026:14205 - Security Advisory Issued: 2026-05-06 Updated: 2026-05-06 RHSA-2026:14205 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 10.0 s390x Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 10.0 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Red Hat Enterprise Linux High Availability for Power, little endian - 4 years of updates 10.0 ppc64le Red Hat Enterprise Linux High Availability for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM corosync-3.1.9-1.el10_0.2.src.rpm SHA-256: b7defea35e439045277e2dd2fd2043b51945da67762b1cc1275786cafea6d1cf x86_64 corosync-debuginfo-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: c47e1d944ac8ba26d06520ef05e55fc62790508d9635cc7e2bfce67a78871896 corosync-debugsource-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: 33ec6bd53191184d78f69d04e6726ad1c8b3c03696874703081b31b29e7b69e5 corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: fa1710fbb0d366d673acf15a5a6b0394294d4b898bc040aea043d1142c132cf5 corosynclib-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: 987399dfe7e07d8bb4a715a2c83f17020eaa6405acad50473615a4b4ddda041c corosynclib-debuginfo-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: b7f84723bab5a7c9b4472b3636d271f086a8a1a11b6b8a532d69aca10726e2c8 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM corosync-3.1.9-1.el10_0.2.src.rpm SHA-256: b7defea35e439045277e2dd2fd2043b51945da67762b1cc1275786cafea6d1cf s390x corosync-debuginfo-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 257b39f1799b03d0819e849c869a7b7d4db2104dd3b60cd05c3bb7609ef63220 corosync-debugsource-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 3b9f116f61a3e87d04c127cd321b2e2a8b210b4b9d94d6bcdced583d57ac6aee corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 5ecc04d2dac91324c2efc0ffb3c0e3fc54d86d0f141d3381b5c25dc40f990c12 corosynclib-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 8264e54469bdb49ac81f3211162f7bb8523df931265cc575ee20adec4dc351b7 corosynclib-debuginfo-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 91fd30da3897d816451c898f1b3e92d4946385ee684fe022ace1a566ee9c79e8 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM corosync-3.1.9-1.el10_0.2.src.rpm SHA-256: b7defea35e439045277e2dd2fd2043b51945da67762b1cc1275786cafea6d1cf ppc64le corosync-debuginfo-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: 925896ad5d125a4c2dcf4e3d22354e05b4f9aec8ece0e907866d9a8485636116 corosync-debugsource-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: a44d46ef8ee1daeebacf944f4dd61fadfbbb512d96272a52c1e16a175e104868 corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: b19922fe3c304d40c63ddc0d16e98f1b054c283f303cbbadb5e91fd9fea59d06 corosynclib-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: f42fcd9c579c06038f122b1cad0bd00b6256fe138fa48d31eb31a027d68d88a0 corosynclib-debuginfo-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: e2b0c923e8cb727c400dbfcea84665eeb3f0a05b3751b52b91727521fdc99255 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM corosync-3.1.9-1.el10_0.2.src.rpm SHA-256: b7defea35e439045277e2dd2fd2043b51945da67762b1cc1275786cafea6d1cf aarch64 corosync-debuginfo-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: aa6f75b5e1ec7f53c8fa64075d8a5d0a28facf7bc9cee1fabb39144174415725 corosync-debugsource-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: 0efcf13b9e74694f2c739d84269a3e4d5e91e56746e9bb768555e2f5d9e819c0 corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: b9273d3b0973ddb54b51c57cb21704de016e3b6656700ce4f807ae2aec73b8e0 corosynclib-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: d076461d9404382a85cbfb2e9c7bdafd48b5d6cfce2c552747b16fcf20f2a9d4 corosynclib-debuginfo-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: fefbcf5c35059a399fc8f4c19c17b6bd7f2a09e8bf4205bbee0ca09b1c49d7e1 Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 10.0 SRPM x86_64 corosync-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: 5fae2433fcb0723892ae80d4e06c9bc606a36a1a3b4c091c0831af88ab11a3cc corosync-debuginfo-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: c47e1d944ac8ba26d06520ef05e55fc62790508d9635cc7e2bfce67a78871896 corosync-debugsource-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: 33ec6bd53191184d78f69d04e6726ad1c8b3c03696874703081b31b29e7b69e5 corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: fa1710fbb0d366d673acf15a5a6b0394294d4b898bc040aea043d1142c132cf5 corosynclib-debuginfo-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: b7f84723bab5a7c9b4472b3636d271f086a8a1a11b6b8a532d69aca10726e2c8 corosynclib-devel-3.1.9-1.el10_0.2.x86_64.rpm SHA-256: 0abfd3aa09c91591e8cfb9de00d1323c7ce0a09f1ca5720f50209cccab0a5914 Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 10.0 SRPM ppc64le corosync-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: 734545b8c5b9bf38a43465e84d7ad544fa429768d3a9007c7a47cffe88c85b52 corosync-debuginfo-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: 925896ad5d125a4c2dcf4e3d22354e05b4f9aec8ece0e907866d9a8485636116 corosync-debugsource-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: a44d46ef8ee1daeebacf944f4dd61fadfbbb512d96272a52c1e16a175e104868 corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: b19922fe3c304d40c63ddc0d16e98f1b054c283f303cbbadb5e91fd9fea59d06 corosynclib-debuginfo-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: e2b0c923e8cb727c400dbfcea84665eeb3f0a05b3751b52b91727521fdc99255 corosynclib-devel-3.1.9-1.el10_0.2.ppc64le.rpm SHA-256: c5b8de47f1e0b45bfa95704144068a5f9ac05ee0693aa8644c306f137b7fdf54 Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 10.0 SRPM s390x corosync-3.1.9-1.el10_0.2.s390x.rpm SHA-256: ce694062183695eb537c6d329eb6bd05d9181da6ab7fea226276b76a349147a5 corosync-debuginfo-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 257b39f1799b03d0819e849c869a7b7d4db2104dd3b60cd05c3bb7609ef63220 corosync-debugsource-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 3b9f116f61a3e87d04c127cd321b2e2a8b210b4b9d94d6bcdced583d57ac6aee corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 5ecc04d2dac91324c2efc0ffb3c0e3fc54d86d0f141d3381b5c25dc40f990c12 corosynclib-debuginfo-3.1.9-1.el10_0.2.s390x.rpm SHA-256: 91fd30da3897d816451c898f1b3e92d4946385ee684fe022ace1a566ee9c79e8 corosynclib-devel-3.1.9-1.el10_0.2.s390x.rpm SHA-256: e86c8f33d1c9004688f70142ca56a36a85dc9f694dc837302b6e5a6be1788d67 Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 10.0 SRPM aarch64 corosync-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: 703834f45ad1cb099cae9b0f6251577db2ceae1452be6cd2885c512483531a5c corosync-debuginfo-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: aa6f75b5e1ec7f53c8fa64075d8a5d0a28facf7bc9cee1fabb39144174415725 corosync-debugsource-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: 0efcf13b9e74694f2c739d84269a3e4d5e91e56746e9bb768555e2f5d9e819c0 corosync-vqsim-debuginfo-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: b9273d3b0973ddb54b51c57cb21704de016e3b6656700ce4f807ae2aec73b8e0 corosynclib-debuginfo-3.1.9-1.el10_0.2.aarch64.rpm SHA-256: fefbcf5c35059a399f