corosync-3.1.10-1.el9.1
エラータID: AXSA:2026-1145:04
The corosync packages provide the Corosync Cluster Engine and C APIs for MIRACLE LINUX cluster software.
Security Fix(es):
* corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)
* corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-35091
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents
CVE-2026-35092
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Update packages.
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
N/A
SRPMS
- corosync-3.1.10-1.el9.1.src.rpm
MD5: 2ff4e804884368e224adc7135787948b
SHA-256: 8e924e1986cf60d42a104ddc20eb38fd0d00183037fac52746a921593cd720ba
Size: 1.14 MB
Asianux Server 9 for x86_64
- corosync-3.1.10-1.el9.1.x86_64.rpm
MD5: 4564edb69672d3979f256451b5069f8f
SHA-256: 2397d44e56ed84bf78da1875d74c5db9e71cd6df7acef4e6ae0266ca7a0b183c
Size: 272.62 kB - corosynclib-3.1.10-1.el9.1.i686.rpm
MD5: c5d7884f3d3c26338c10e927d7669e7b
SHA-256: 78dd53e7fd0ef3d15053a44441aaad8e7593c7977b1e1498dd44348325357a25
Size: 52.22 kB - corosynclib-3.1.10-1.el9.1.x86_64.rpm
MD5: 1a9a91bd0ff74bddff6915674288fb95
SHA-256: 8dcd4041662a4d30b2d3356a38a51cdca2eb5c4e66c05615ecb4ed7cded88e69
Size: 49.28 kB - corosynclib-devel-3.1.10-1.el9.1.i686.rpm
MD5: d67d7c260e3ca774a0ae7e6d3467588f
SHA-256: 591bf081e4f5feeff36df401452eb57d3640e997e97b78d514e80f483ad427cd
Size: 190.18 kB - corosynclib-devel-3.1.10-1.el9.1.x86_64.rpm
MD5: b4898de2e337d7d75f578878e297da45
SHA-256: 4af1a942fc0e24f6fb41094172759b6c4b837f39acf39b4ac0401b38bb0821ac
Size: 190.21 kB - corosync-vqsim-3.1.10-1.el9.1.x86_64.rpm
MD5: 76d9d363e9b39e143d9965c9b6ad6808
SHA-256: 8d482bbe36d592ec8e210520e35c0f04ca355cd0b777c9c90c69b17eaaad34f7
Size: 63.79 kB