[CLSA-2026:1776435617] corosync: Fix of 2 CVEs
Type:
security
Severity:
('Important', ['ELSCVE-86326', 'ELSCVE-86324'])
Release date:
2026-04-17 14:20:22 UTC
Description:
- CVE-2026-35091: fix incorrect return value in check_memb_commit_token_sanity allowing DoS via crafted memb_commit_token packet - CVE-2026-35092: fix integer overflow in check_memb_join_sanity allowing bypass of length validation via crafted memb_join packet
Updated packages:
  • corosync-3.1.7-1.el9.tuxcare.els2.x86_64.rpm
    sha:8a0e3a57d56a82963adc3f40db538e165df1d96fcee0c28a67c37f3cd4363e8d
  • corosync-vqsim-3.1.7-1.el9.tuxcare.els2.x86_64.rpm
    sha:c20dcebdbfbc208749df25c2da9683561ce87fe5a8abdf2f38b916707eb3ce2c
  • corosynclib-3.1.7-1.el9.tuxcare.els2.i686.rpm
    sha:604e93d78689d5276c286261759d94ee91652fe234c197ab71304b724bb47a48
  • corosynclib-3.1.7-1.el9.tuxcare.els2.x86_64.rpm
    sha:22fc4fb4f767022ef72d2c5c975792d856718fafbfd663a0b58b2e1b302ba91f
  • corosynclib-devel-3.1.7-1.el9.tuxcare.els2.i686.rpm
    sha:f85a8ebcb24bc7bd17703fdd9b0b0bcc67fab241e3db775d40551a7e5fb91069
  • corosynclib-devel-3.1.7-1.el9.tuxcare.els2.x86_64.rpm
    sha:3c643e996b1bc313223e92644809ea0cd0cfb71dfb39d7df36ec9154833bb992
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.