Red Hat Product Errata RHSA-2026:14212 - Security Advisory Issued: 2026-05-06 Updated: 2026-05-06 RHSA-2026:14212 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.4 s390x Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.4 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.4 ppc64le Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 9.4 s390x Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 9.4 s390x Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 9.4 x86_64 Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM corosync-3.1.8-1.el9_4.1.src.rpm SHA-256: 5fb2d0866d9dae5576601bbccde6ca1d8403f6a37b5d9a8d740e44e0f4a9266c x86_64 corosync-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 07bef3bc761612fe01f37e3b83658b41879868c99398ac96fa50d7140a454d14 corosync-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: bab567af532adc53839d8436826e1de31bba04193be61e672734d4cab6fe9c5c corosync-debugsource-3.1.8-1.el9_4.1.i686.rpm SHA-256: 8b26f1d0ee7379d54da4bf33178090c2259d3db8efc120a9948ee4d72cb5e1cf corosync-debugsource-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 8ca9e084242daf36bd76a1084cbf584d1583efa179a8e130aab18b796ce6db08 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 1e6e4d85cfcb2bac73735f4fd32cd2eb603b312cf94ce573e323444bc09643f9 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 41f54e30e5646f2bd4274b34cc6d661edee295195534a1c80d26ffb4d6f5b4a0 corosynclib-3.1.8-1.el9_4.1.i686.rpm SHA-256: bfefda156c0c0e2e2becff609791d67fcb9dcb7af698d2aee1e03b40760347c3 corosynclib-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 5654537b2e341409ab9f1aeeabf32b45fcee58165706b494be08f9d8258e1bfb corosynclib-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 9113ef38d87c639b5d22c901c68d27826db38718c43785ce958a29cc32d164f9 corosynclib-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 88626002e5204681218e277a73fd0dc327a55648dff1013c1606a736e07b08ba Red Hat Enterprise Linux Server - AUS 9.4 SRPM corosync-3.1.8-1.el9_4.1.src.rpm SHA-256: 5fb2d0866d9dae5576601bbccde6ca1d8403f6a37b5d9a8d740e44e0f4a9266c x86_64 corosync-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 07bef3bc761612fe01f37e3b83658b41879868c99398ac96fa50d7140a454d14 corosync-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: bab567af532adc53839d8436826e1de31bba04193be61e672734d4cab6fe9c5c corosync-debugsource-3.1.8-1.el9_4.1.i686.rpm SHA-256: 8b26f1d0ee7379d54da4bf33178090c2259d3db8efc120a9948ee4d72cb5e1cf corosync-debugsource-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 8ca9e084242daf36bd76a1084cbf584d1583efa179a8e130aab18b796ce6db08 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 1e6e4d85cfcb2bac73735f4fd32cd2eb603b312cf94ce573e323444bc09643f9 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 41f54e30e5646f2bd4274b34cc6d661edee295195534a1c80d26ffb4d6f5b4a0 corosynclib-3.1.8-1.el9_4.1.i686.rpm SHA-256: bfefda156c0c0e2e2becff609791d67fcb9dcb7af698d2aee1e03b40760347c3 corosynclib-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 5654537b2e341409ab9f1aeeabf32b45fcee58165706b494be08f9d8258e1bfb corosynclib-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 9113ef38d87c639b5d22c901c68d27826db38718c43785ce958a29cc32d164f9 corosynclib-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 88626002e5204681218e277a73fd0dc327a55648dff1013c1606a736e07b08ba Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.4 SRPM x86_64 corosync-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: d155c53d2e8328d3f6ea328ff2e26aaa86312a1febbc9e1a18f560456c6981dc corosync-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 07bef3bc761612fe01f37e3b83658b41879868c99398ac96fa50d7140a454d14 corosync-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: bab567af532adc53839d8436826e1de31bba04193be61e672734d4cab6fe9c5c corosync-debugsource-3.1.8-1.el9_4.1.i686.rpm SHA-256: 8b26f1d0ee7379d54da4bf33178090c2259d3db8efc120a9948ee4d72cb5e1cf corosync-debugsource-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 8ca9e084242daf36bd76a1084cbf584d1583efa179a8e130aab18b796ce6db08 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 1e6e4d85cfcb2bac73735f4fd32cd2eb603b312cf94ce573e323444bc09643f9 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 41f54e30e5646f2bd4274b34cc6d661edee295195534a1c80d26ffb4d6f5b4a0 corosynclib-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 9113ef38d87c639b5d22c901c68d27826db38718c43785ce958a29cc32d164f9 corosynclib-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 88626002e5204681218e277a73fd0dc327a55648dff1013c1606a736e07b08ba corosynclib-devel-3.1.8-1.el9_4.1.i686.rpm SHA-256: 80770de8288b68d33fef1e8be7860e4d33d11aca4107cb86b780f27734093f43 corosynclib-devel-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 039a0bc6df9bbd006fa232c6a8f5d7680df83eb4e713f82b2fb0b01c9147d25f Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.4 SRPM x86_64 corosync-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: d155c53d2e8328d3f6ea328ff2e26aaa86312a1febbc9e1a18f560456c6981dc corosync-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 07bef3bc761612fe01f37e3b83658b41879868c99398ac96fa50d7140a454d14 corosync-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: bab567af532adc53839d8436826e1de31bba04193be61e672734d4cab6fe9c5c corosync-debugsource-3.1.8-1.el9_4.1.i686.rpm SHA-256: 8b26f1d0ee7379d54da4bf33178090c2259d3db8efc120a9948ee4d72cb5e1cf corosync-debugsource-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 8ca9e084242daf36bd76a1084cbf584d1583efa179a8e130aab18b796ce6db08 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 1e6e4d85cfcb2bac73735f4fd32cd2eb603b312cf94ce573e323444bc09643f9 corosync-vqsim-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 41f54e30e5646f2bd4274b34cc6d661edee295195534a1c80d26ffb4d6f5b4a0 corosynclib-debuginfo-3.1.8-1.el9_4.1.i686.rpm SHA-256: 9113ef38d87c639b5d22c901c68d27826db38718c43785ce958a29cc32d164f9 corosynclib-debuginfo-3.1.8-1.el9_4.1.x86_64.rpm SHA-256: 88626002e5204681218e277a73fd0dc327a55648dff1013c1606a736e07b08ba corosynclib-devel-3.1.8-1.el9_4.1.i686.rpm SHA-256: 80770de8288b68d33fef1e8be7860e4d33d11aca4107cb86b780f27734093f43 corosynclib-devel-3.1.8-