corosync-3.1.8-1.el8_10.1
エラータID: AXSA:2026-593:02
リリース日:
2026/05/11 Monday - 19:47
題名:
corosync-3.1.8-1.el8_10.1
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Corosync には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-35091)
- Corosync には、整数オーバーフローの問題があるため、リモート
の攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-35092)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-35091
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.
CVE-2026-35092
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
追加情報:
N/A
ダウンロード:
SRPMS
- corosync-3.1.8-1.el8_10.1.src.rpm
MD5: eb60e5490926a6d7a870dff1a0a915aa
SHA-256: ca56ddef3452ad97fae0277312c089815193058dfb6d36e72418e1fa2ccdad08
Size: 1.16 MB
Asianux Server 8 for x86_64
- corosync-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 49b15b38e9ded73127d514ab68a43cd5
SHA-256: 084dd83ddf7c62a684e3ad2b2b2d6c1619dc128bffae9f4a31daf26192a42e90
Size: 278.69 kB - corosynclib-3.1.8-1.el8_10.1.i686.rpm
MD5: b737a69b4fd43cd40b3a71da2df478b7
SHA-256: bc12716e569926ee1e61465774dbf5d88eaac0a53382ca1a69ec4672e09ed89d
Size: 71.30 kB - corosynclib-3.1.8-1.el8_10.1.x86_64.rpm
MD5: a7481852fbc40f5e359e4e98ec333469
SHA-256: b8683108e1ff1a4343963b913b74d314fe4d9375ec371b22d10dd5c36ccdd6b3
Size: 68.73 kB - corosynclib-devel-3.1.8-1.el8_10.1.i686.rpm
MD5: 2754c60c35d4ac00454172db8da8babd
SHA-256: 42fa81eeacbc19dad373a36430ab35689155b28154df5d00fc736c772dd471ca
Size: 187.73 kB - corosynclib-devel-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 1d35ec0d24fb143954065dc41a314ce0
SHA-256: 0f42d6248ef2f83474b570be30ec50d09a90377dd052955e375ccd54099726e2
Size: 187.76 kB - corosync-vqsim-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 5aa3a7410ceb7bf2813e6ab84bb9d912
SHA-256: 6a81ca314bf8a5351c480c88466c68ea17481d8f5d5155a6bf06b95be1f4a0de
Size: 84.20 kB - spausedd-3.1.8-1.el8_10.1.x86_64.rpm
MD5: 6009eb61f26e06e1f00e065859832d6b
SHA-256: ca31f652904da605428aee8b3fdbaa0caf6987601fd181a2634458a89549152e
Size: 38.84 kB
English