ELSA-2026-13673

ULN >
Oracle Linux Errata repository >
ELSA-2026-13673

ELSA-2026-13673 - corosync security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2026-05-05

Description

[3.1.9-2.1]
- Resolves: RHEL-163815
- Resolves: RHEL-163836

- totemsrp: Return error if sanity check fails (fixes CVE-2026-35091)
- totemsrp: Fix integer overflow in memb_join_sanity (fixes CVE-2026-35092)

Related CVEs

CVE-2026-35091

CVE-2026-35092

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	corosync-3.1.9-2.el9_7.1.src.rpm	8ee87a59a91d6746dcfde9c950c565da86339630dc06e92df7317d78093ff386	-	ol9_aarch64_appstream
	corosync-3.1.9-2.el9_7.1.src.rpm	8ee87a59a91d6746dcfde9c950c565da86339630dc06e92df7317d78093ff386	-	ol9_aarch64_codeready_builder
	corosync-vqsim-3.1.9-2.el9_7.1.aarch64.rpm	95b6b6c1498824d39e559c0c5a40a3ccec9bfe48b487808a00d888cb0f6703f8	-	ol9_aarch64_codeready_builder
	corosynclib-3.1.9-2.el9_7.1.aarch64.rpm	b4a244e24b61821b457b8a12f675d874d29551d50b35bc9b0aaff2cd0216a75c	-	ol9_aarch64_codeready_builder

Oracle Linux 9 (x86_64)	corosync-3.1.9-2.el9_7.1.src.rpm	8ee87a59a91d6746dcfde9c950c565da86339630dc06e92df7317d78093ff386	-	ol9_x86_64_appstream
	corosync-3.1.9-2.el9_7.1.src.rpm	8ee87a59a91d6746dcfde9c950c565da86339630dc06e92df7317d78093ff386	-	ol9_x86_64_codeready_builder
	corosync-vqsim-3.1.9-2.el9_7.1.x86_64.rpm	f0d27a53d1645c85f7f29965f482b009cbf528539edbc6c003a508032f37c695	-	ol9_x86_64_codeready_builder
	corosynclib-3.1.9-2.el9_7.1.i686.rpm	8a97d34829c1e7e62e6c2782c9635cce2e70414de4727bdf3ac303afad62e33e	-	ol9_x86_64_appstream
	corosynclib-3.1.9-2.el9_7.1.x86_64.rpm	2205f4a6be1fd2ba9d9d08d580451e9bcb7ffd3be0f5b894453c1a2e3581751f	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691