corosync-3.1.10-1.el9.1
エラータID: AXSA:2026-1145:04
リリース日:
2026/07/01 Wednesday - 16:01
題名:
corosync-3.1.10-1.el9.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- Corosync には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-35091)
- Corosync には、整数オーバーフローの問題があるため、リモートの
攻撃者により、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2026-35092)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-35091
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents
CVE-2026-35092
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
追加情報:
N/A
ダウンロード:
SRPMS
- corosync-3.1.10-1.el9.1.src.rpm
MD5: 2ff4e804884368e224adc7135787948b
SHA-256: 8e924e1986cf60d42a104ddc20eb38fd0d00183037fac52746a921593cd720ba
Size: 1.14 MB
Asianux Server 9 for x86_64
- corosync-3.1.10-1.el9.1.x86_64.rpm
MD5: 4564edb69672d3979f256451b5069f8f
SHA-256: 2397d44e56ed84bf78da1875d74c5db9e71cd6df7acef4e6ae0266ca7a0b183c
Size: 272.62 kB - corosynclib-3.1.10-1.el9.1.i686.rpm
MD5: c5d7884f3d3c26338c10e927d7669e7b
SHA-256: 78dd53e7fd0ef3d15053a44441aaad8e7593c7977b1e1498dd44348325357a25
Size: 52.22 kB - corosynclib-3.1.10-1.el9.1.x86_64.rpm
MD5: 1a9a91bd0ff74bddff6915674288fb95
SHA-256: 8dcd4041662a4d30b2d3356a38a51cdca2eb5c4e66c05615ecb4ed7cded88e69
Size: 49.28 kB - corosynclib-devel-3.1.10-1.el9.1.i686.rpm
MD5: d67d7c260e3ca774a0ae7e6d3467588f
SHA-256: 591bf081e4f5feeff36df401452eb57d3640e997e97b78d514e80f483ad427cd
Size: 190.18 kB - corosynclib-devel-3.1.10-1.el9.1.x86_64.rpm
MD5: b4898de2e337d7d75f578878e297da45
SHA-256: 4af1a942fc0e24f6fb41094172759b6c4b837f39acf39b4ac0401b38bb0821ac
Size: 190.21 kB - corosync-vqsim-3.1.10-1.el9.1.x86_64.rpm
MD5: 76d9d363e9b39e143d9965c9b6ad6808
SHA-256: 8d482bbe36d592ec8e210520e35c0f04ca355cd0b777c9c90c69b17eaaad34f7
Size: 63.79 kB