Red Hat Product Errata RHSA-2026:14213 - Security Advisory Issued: 2026-05-06 Updated: 2026-05-06 RHSA-2026:14213 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.6 s390x Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.6 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.6 ppc64le Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 9.6 s390x Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 9.6 s390x Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 9.6 x86_64 Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM corosync-3.1.9-2.el9_6.1.src.rpm SHA-256: dab8053584c8564cf0d2ffebb3d110371bc49e5321fcb22aa1f0dd4bfdfa6a99 x86_64 corosync-debuginfo-3.1.9-2.el9_6.1.i686.rpm SHA-256: 5c0a804a66e4b3c8df4401ee53da74b41380c89b1870843458ba3ee2751e816e corosync-debuginfo-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 4d0dbc31281ef50df791fb9a74a4cd61ef640ee3792372b220efe7fa181cfa07 corosync-debugsource-3.1.9-2.el9_6.1.i686.rpm SHA-256: f908313ab18d6fef89ccdf823d3774b3bd8f3c996af06a3a392ca562d5cb0b47 corosync-debugsource-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 81c696a61621b8f3ca0de3afa202dcc51e565da6f0620eeec8445200f3696162 corosync-vqsim-debuginfo-3.1.9-2.el9_6.1.i686.rpm SHA-256: bcc62f895977e02cb9a85f3c388b6d6fcb75687cfe747d6895e00e1ead2f00ce corosync-vqsim-debuginfo-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 759a77c7c968acfbe5ef17922062752d400560217696f8745a11e7d2cb7d3f9b corosynclib-3.1.9-2.el9_6.1.i686.rpm SHA-256: 2840bf76ed7a77939e1a74420da70a8bd1b2efb72ef772e629ff5629d43036e3 corosynclib-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: ee8bec61c35c61cbe7b37cbf3355972a38999d86d34baf5b4f3b44ad9a959ed3 corosynclib-debuginfo-3.1.9-2.el9_6.1.i686.rpm SHA-256: 603194bdcdff9f7f862c6f114d537099719c966a2f12e83068bcbe08cc0f19d8 corosynclib-debuginfo-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 0ee8bddca64e4aa5244d254e07ced4ce96a52fb8da6a2b5b8500796d4330258d Red Hat Enterprise Linux Server - AUS 9.6 SRPM corosync-3.1.9-2.el9_6.1.src.rpm SHA-256: dab8053584c8564cf0d2ffebb3d110371bc49e5321fcb22aa1f0dd4bfdfa6a99 x86_64 corosync-debuginfo-3.1.9-2.el9_6.1.i686.rpm SHA-256: 5c0a804a66e4b3c8df4401ee53da74b41380c89b1870843458ba3ee2751e816e corosync-debuginfo-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 4d0dbc31281ef50df791fb9a74a4cd61ef640ee3792372b220efe7fa181cfa07 corosync-debugsource-3.1.9-2.el9_6.1.i686.rpm SHA-256: f908313ab18d6fef89ccdf823d3774b3bd8f3c996af06a3a392ca562d5cb0b47 corosync-debugsource-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 81c696a61621b8f3ca0de3afa202dcc51e565da6f0620eeec8445200f3696162 corosync-vqsim-debuginfo-3.1.9-2.el9_6.1.i686.rpm SHA-256: bcc62f895977e02cb9a85f3c388b6d6fcb75687cfe747d6895e00e1ead2f00ce corosync-vqsim-debuginfo-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 759a77c7c968acfbe5ef17922062752d400560217696f8745a11e7d2cb7d3f9b corosynclib-3.1.9-2.el9_6.1.i686.rpm SHA-256: 2840bf76ed7a77939e1a74420da70a8bd1b2efb72ef772e629ff5629d43036e3 corosynclib-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: ee8bec61c35c61cbe7b37cbf3355972a38999d86d34baf5b4f3b44ad9a959ed3 corosynclib-debuginfo-3.1.9-2.el9_6.1.i686.rpm SHA-256: 603194bdcdff9f7f862c6f114d537099719c966a2f12e83068bcbe08cc0f19d8 corosynclib-debuginfo-3.1.9-2.el9_6.1.x86_64.rpm SHA-256: 0ee8bddca64e4aa5244d254e07ced4ce96a52fb8da6a2b5b8500796d4330258d Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM corosync-3.1.9-2.el9_6.1.src.rpm SHA-256: dab8053584c8564cf0d2ffebb3d110371bc49e5321fcb22aa1f0dd4bfdfa6a99 s390x corosync-debuginfo-3.1.9-2.el9_6.1.s390x.rpm SHA-256: 23b55b66d9859a1874f6dda7a0d8ac8e128ef92336a56782b5dfdbb5f35a795c corosync-debugsource-3.1.9-2.el9_6.1.s390x.rpm SHA-256: aab412d29e68d2c06219725ae0b00689dd1b4e968426281456c55f317a57764f corosync-vqsim-debuginfo-3.1.9-2.el9_6.1.s390x.rpm SHA-256: 0bb630c2cc5d10616432e0774421c5e35496896fd9543e556b432b5d52801263 corosynclib-3.1.9-2.el9_6.1.s390x.rpm SHA-256: 9f75306d4e101c8771ad3fd1bd4250575dfdda54e110e17a6424194c22b45a50 corosynclib-debuginfo-3.1.9-2.el9_6.1.s390x.rpm SHA-256: 76729dbbff181a85bc018093ac9bdb62f94c60b43ea0d92dc627118c981780e2 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM corosync-3.1.9-2.el9_6.1.src.rpm SHA-256: dab8053584c8564cf0d2ffebb3d110371bc49e5321fcb22aa1f0dd4bfdfa6a99 ppc64le corosync-debuginfo-3.1.9-2.el9_6.1.ppc64le.rpm SHA-256: 4f8db451631ebdeea05902f40b1f79f70a9b0f687ac5d7b42442dbe07236f788 corosync-debugsource-3.1.9-2.el9_6.1.ppc64le.rpm SHA-256: f871427270bae28f488fc440ff5152da1332a16402672bb0d9f2e89bf4a0c076 corosync-vqsim-debuginfo-3.1.9-2.el9_6.1.ppc64le.rpm SHA-256: 234efc1aab5aab91ed4073a0c22efeca1d4d6a1df6d9620b01fb75a22b777360 corosynclib-3.1.9-2.el9_6.1.ppc64le.rpm SHA-256: 396ce561e945d5ad99e205e6ef0a6fa159464c02e5b32ad4a5993c8c3ca46efb corosynclib-debuginfo-3.1.9-2.el9_6.1.ppc64le.rpm SHA-256: 34faacf3a42db08960c12a9b9c8c8ae62b7e4947e8b2b5bd3eb61ea9a161b4c5 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM corosync-3.1.9-2.el9_6.1.src.rpm SHA-256: dab8053584c8564cf0d2ffebb3d110371bc49e5321fcb22aa1f0dd4bfdfa6a99 aarch64 corosync-debuginfo-3.1.9-2.el9_6.1.aarch64.rpm SHA-256: e21caffc49a980525bcfa806a5b717423dce7a60214eda37b03e3e17c67fcea9 corosync-debugsource-3.1.9-2.el9_6.1.aarch64.rpm SHA-256: 5ae2d96782c9bb715fec34a4dff3b50b7fe33a5ad67e0b47279adfe1c61265b7 co