Fedora 43 Corosync Critical DoS Fix for CVE-2026-35091 and CVE-2026-35092
fedora
April 8, 2026
Security fix for CVE-2026-35091 and CVE-2026-35092
Summary
This package contains the Corosync Cluster Engine Executive, several default
APIs and libraries, default configuration files, and an init script.
Update Information:
Security fix for CVE-2026-35091 and CVE-2026-35092
Topics Covered
Change Log
* Thu Apr 2 2026 Jan Friesse
References
[ 1 ] Bug #2453169 - corosync: pre-auth OOB read in check_memb_commit_token_sanity + integer overflow in check_memb_join_sanity
https://bugzilla.redhat.com/show_bug.cgi?id=2453169
[ 2 ] Bug #2453815 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453815
[ 3 ] Bug #2453821 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453821
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ee4ff58256' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: corosync
Product: Fedora 43
Version: 3.1.10
Release: 2.fc43
Summary: The Corosync Cluster Engine and Application Programming Interfaces
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!