Fedora 44 Corosync Critical Denial of Service Fix 2026-e34a334e81

April 25, 2026
Critical fix for Denial of Service in Corosync on Fedora 44 due to CVE-2026-35091 and CVE-2026-35092 vulnerabilities.

Summary

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script.

Update Information:

Security fix for CVE-2026-35091 and CVE-2026-35092

Change Log

* Thu Apr 2 2026 Jan Friesse - 3.1.10-5
- totemsrp: Return error if sanity check fails (fixes CVE-2026-35091)
- totemsrp: Fix integer overflow in memb_join_sanity (fixes CVE-2026-35092)

References


[ 1 ] Bug #2453169 - corosync: pre-auth OOB read in check_memb_commit_token_sanity + integer overflow in check_memb_join_sanity
https://bugzilla.redhat.com/show_bug.cgi?id=2453169
[ 2 ] Bug #2453815 - CVE-2026-35091 corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453815
[ 3 ] Bug #2453821 - CVE-2026-35092 corosync: Corosync: Denial of Service via integer overflow in join message validation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2453821

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e34a334e81' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: corosync
Product: Fedora 44
Version: 3.1.10
Release: 5.fc44
Summary: The Corosync Cluster Engine and Application Programming Interfaces
