corosync-3.1.8-1.el8_10.1
Errata ID: AXSA:2026-593:02
The corosync packages provide the Corosync Cluster Engine and C APIs for Asianux Server cluster software.
Security Fix(es):
* corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)
* corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-35091
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.
CVE-2026-35092
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Update packages.
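A triage check for a cluster node, added here as an example; it is not part of the advisory or of any vendor tooling. It reads the `transport` directive from the `totem` section of corosync.conf and compares the installed version-release with the fixed one named in this advisory. The function names, the sample configuration, the older build string and the use of `sort -V` to approximate RPM version ordering are assumptions.

```shell
#!/bin/sh
FIXED="3.1.8-1.el8_10.1"   # fixed version-release, taken from this advisory

# Print the totem{} "transport" value of a corosync.conf read on stdin,
# or "unset" when the directive is absent.
corosync_transport() {
    awk '
        { sub(/#.*/, "") }
        /^[ \t]*totem[ \t]*[{]/ && depth == 0 { in_totem = 1 }
        in_totem && depth == 1 && /^[ \t]*transport[ \t]*:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); t = $0
        }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}"); if (depth == 0) in_totem = 0 }
        END { print (t == "" ? "unset" : t) }'
}

# Exit 0 for the transports the advisory names as affected.
transport_exposed() {
    case "$1" in udp|udpu) return 0 ;; *) return 1 ;; esac
}

# Exit 0 when version-release $1 sorts at or above FIXED. Assumption: GNU
# sort -V is close enough to RPM version ordering for this comparison.
is_fixed() {
    [ "$(printf '%s\n%s\n' "$FIXED" "$1" | sort -V | head -n 1)" = "$FIXED" ]
}

# Verdict for installed version-release $1 and a corosync.conf on stdin.
triage() {
    t=$(corosync_transport)
    if is_fixed "$1"; then echo "patched transport=$t"
    elif transport_exposed "$t"; then echo "VULNERABLE transport=$t"
    else echo "unpatched-review transport=$t"
    fi
}

# Constructed sample configuration, not taken from the advisory.
sample_conf() {
    printf '%s\n' '# constructed sample' 'totem {' '    version: 2' \
        '    transport: udpu' '    interface {' '        ringnumber: 0' \
        '    }' '}'
}

if [ "${1:-}" = "--host" ]; then   # run against the local node
    triage "$(rpm -q --qf '%{VERSION}-%{RELEASE}' corosync)" \
        < /etc/corosync/corosync.conf
else                               # offline demo on constructed input
    sample_conf | triage "3.1.7-1.el8"
fi
```

An `unpatched-review` verdict means the node is below the fixed build and the configuration does not explicitly select udp or udpu, so the effective transport still has to be confirmed by hand.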
SRPMS
- corosync-3.1.8-1.el8_10.1.src.rpm
MD5: eb60e5490926a6d7a870dff1a0a915aa
SHA-256: ca56ddef3452ad97fae0277312c089815193058dfb6d36e72418e1fa2ccdad08
Size: 1.16 MB
Asianux Server 8 for x86_64
- corosync-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 49b15b38e9ded73127d514ab68a43cd5
SHA-256: 084dd83ddf7c62a684e3ad2b2b2d6c1619dc128bffae9f4a31daf26192a42e90
Size: 278.69 kB
- corosynclib-3.1.8-1.el8_10.1.i686.rpm
MD5: b737a69b4fd43cd40b3a71da2df478b7
SHA-256: bc12716e569926ee1e61465774dbf5d88eaac0a53382ca1a69ec4672e09ed89d
Size: 71.30 kB
- corosynclib-3.1.8-1.el8_10.1.x86_64.rpm
MD5: a7481852fbc40f5e359e4e98ec333469
SHA-256: b8683108e1ff1a4343963b913b74d314fe4d9375ec371b22d10dd5c36ccdd6b3
Size: 68.73 kB
- corosynclib-devel-3.1.8-1.el8_10.1.i686.rpm
MD5: 2754c60c35d4ac00454172db8da8babd
SHA-256: 42fa81eeacbc19dad373a36430ab35689155b28154df5d00fc736c772dd471ca
Size: 187.73 kB
- corosynclib-devel-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 1d35ec0d24fb143954065dc41a314ce0
SHA-256: 0f42d6248ef2f83474b570be30ec50d09a90377dd052955e375ccd54099726e2
Size: 187.76 kB
- corosync-vqsim-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 5aa3a7410ceb7bf2813e6ab84bb9d912
SHA-256: 6a81ca314bf8a5351c480c88466c68ea17481d8f5d5155a6bf06b95be1f4a0de
Size: 84.20 kB
- spausedd-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 6009eb61f26e06e1f00e065859832d6b
SHA-256: ca31f652904da605428aee8b3fdbaa0caf6987601fd181a2634458a89549152e
Size: 38.84 kB