Red Hat Product Errata RHSA-2026:19043 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19043 - Security Advisory Overview Updated Packages Synopsis Moderate: corosync security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for corosync is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The corosync packages provide the Corosync Cluster Engine and C APIs for Red Hat Enterprise Linux cluster software. Security Fix(es): corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux High Availability for x86_64 10 x86_64 Red Hat Enterprise Linux High Availability for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux High Availability for IBM z Systems 10 s390x Red Hat Enterprise Linux High Availability for Power, little endian 10 ppc64le Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 10.2 s390x Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux High Availability for Power, little endian - 4 years of updates 10.2 ppc64le Red Hat Enterprise Linux High Availability for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 10.2 s390x Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 10.2 x86_64 Fixes BZ - 2453813 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet BZ - 2453814 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation CVEs CVE-2026-35091 CVE-2026-35092 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM corosync-3.1.10-1.el10_2.1.src.rpm SHA-256: 713e54903865411c4c1720bcf4594d8435b8dd8191277910b785457156391208 x86_64 corosync-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 3c6f6b421e6c19d2bd0bc669e91c8cab95447aca76e055a81ccd1d4166748d15 corosync-debugsource-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 3fa2323d26df48af1d72505e3e74915de04a205c16e4a21e0644ab8900079045 corosync-vqsim-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: fc2e48dde2f4cac9c497691982ce0aa13581b2c25bc4a969256da2ca4cee163c corosynclib-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 1f9fac292ac92ea1282087e179961df1a2182d10c030dd05bfec9d91e704cf7b corosynclib-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: c03fb44b0bec224ae4fc1edeca37baaf2a0d775441dbc573898e0871ec7df354 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM corosync-3.1.10-1.el10_2.1.src.rpm SHA-256: 713e54903865411c4c1720bcf4594d8435b8dd8191277910b785457156391208 x86_64 corosync-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 3c6f6b421e6c19d2bd0bc669e91c8cab95447aca76e055a81ccd1d4166748d15 corosync-debugsource-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 3fa2323d26df48af1d72505e3e74915de04a205c16e4a21e0644ab8900079045 corosync-vqsim-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: fc2e48dde2f4cac9c497691982ce0aa13581b2c25bc4a969256da2ca4cee163c corosynclib-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 1f9fac292ac92ea1282087e179961df1a2182d10c030dd05bfec9d91e704cf7b corosynclib-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: c03fb44b0bec224ae4fc1edeca37baaf2a0d775441dbc573898e0871ec7df354 Red Hat Enterprise Linux for IBM z Systems 10 SRPM corosync-3.1.10-1.el10_2.1.src.rpm SHA-256: 713e54903865411c4c1720bcf4594d8435b8dd8191277910b785457156391208 s390x corosync-debuginfo-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 2488b98efe27ff0e1a4bce880309ad205997339974ca1669a098f80d396fc4f9 corosync-debugsource-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 1c2f2eaec7855e66a8911f2bed96b18a0df2d433f6391983a4668ceb586856f1 corosync-vqsim-debuginfo-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 6122dca1ca62d1d36105331324eebdd8474d700f3180d4148e463c949d01cb78 corosynclib-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 8cd634301e33696e0c2641a097294bf0f59e2c11bd8429d252384482f4a23ae1 corosynclib-debuginfo-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 99f4890f7e6472158af18dc802113b0349786e2ad72e847bcba87c8c630b7617 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM corosync-3.1.10-1.el10_2.1.src.rpm SHA-256: 713e54903865411c4c1720bcf4594d8435b8dd8191277910b785457156391208 s390x corosync-debuginfo-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 2488b98efe27ff0e1a4bce880309ad205997339974ca1669a098f80d396fc4f9 corosync-debugsource-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 1c2f2eaec7855e66a8911f2bed96b18a0df2d433f6391983a4668ceb586856f1 corosync-vqsim-debuginfo-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 6122dca1ca62d1d36105331324eebdd8474d700f3180d4148e463c949d01cb78 corosynclib-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 8cd634301e33696e0c2641a097294bf0f59e2c11bd8429d252384482f4a23ae1 corosynclib-debuginfo-3.1.10-1.el10_2.1.s390x.rpm SHA-256: 99f4890f7e6472158af18dc802113b0349786e2ad72e847bcba87c8c630b7617 Red Hat Enterprise Linux for Power, little endian 10 SRPM corosync-3.1.10-1.el10_2.1.src.rpm SHA-256: 713e54903865411c4c1720bcf4594d8435b8dd8191277910b785457156391208 ppc64le corosync-debuginfo-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 5e58bed779b469b62561dd88544c2ac5ddc8b16b6fddbbf61763f79ef73c8806 corosync-debugsource-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 49020d665dff7ef2502b0527a0e987ca7a6a398b84480ce060d4547808937fd3 corosync-vqsim-debuginfo-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 26027477e35a66c668240bc1d1d2f86027f481d8675bf2a8c2e76a4d06505275 corosynclib-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 7daae5735154819f0e9fdd8bbc90beb7210fb9c5af8e25fbff4d6348dcdbade0 corosynclib-debuginfo-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 8f26acc4cfb06a9d04c96ac7f93bb8053d2ff5c81ac0cbd02056502acd37baaa Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM corosync-3.1.10-1.el10_2.1.src.rpm SHA-256: 713e54903865411c4c1720bcf4594d8435b8dd8191277910b785457156391208 ppc64le corosync-debuginfo-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 5e58bed779b469b62561dd88544c2ac5ddc8b16b6fddbbf61763f79ef73c8806 corosync-debugsource-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 49020d665dff7ef2502b0527a0e987ca7a6a398b84480ce060d4547808937fd3 corosync-vqsim-debuginfo-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 26027477e35a66c668240bc1d1d2f86027f481d8675bf2a8c2e76a4d06505275 corosynclib-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 7daae5735154819f0e9fdd8bbc90beb7210fb9c5af8e25fbff4d6348dcdbade0 corosynclib-debuginfo-3.1.10-1.el10_2.1.ppc64le.rpm SHA-256: 8f26acc4cfb06a9d04c96ac7f93bb8053d2ff5c81ac0cbd02056502acd37baaa Red Hat Enterprise Linux High Availability for x86_64 10 SRPM x86_64 corosync-3.1.10-1.el10_2.1.x86_64.rpm SHA-256: 53e4afb341667cda0d3ec7d69e4b0efa5befc95d6307f2024e6e57d6c73de110 corosync-debuginfo-3.1.10-1.el10_2.1.x86_64.rpm