[El-errata] ELSA-2026-13673 Moderate: Oracle Linux 9 corosync security update

Fri May 8 23:37:00 UTC 2026

Oracle Linux Security Advisory ELSA-2026-13673

http://linux.oracle.com/errata/ELSA-2026-13673.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
corosync-vqsim-3.1.9-2.el9_7.1.x86_64.rpm
corosynclib-3.1.9-2.el9_7.1.i686.rpm
corosynclib-3.1.9-2.el9_7.1.x86_64.rpm

aarch64:
corosync-vqsim-3.1.9-2.el9_7.1.aarch64.rpm
corosynclib-3.1.9-2.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/corosync-3.1.9-2.el9_7.1.src.rpm

Related CVEs:

CVE-2026-35091
CVE-2026-35092

Description of changes:

[3.1.9-2.1]
- Resolves: RHEL-163815
- Resolves: RHEL-163836

- totemsrp: Return error if sanity check fails (fixes CVE-2026-35091)
- totemsrp: Fix integer overflow in memb_join_sanity (fixes CVE-2026-35092)