[El-errata] ELSA-2026-13644 Moderate: Oracle Linux 10 corosync security update

Thu May 14 22:42:17 UTC 2026

Oracle Linux Security Advisory ELSA-2026-13644

http://linux.oracle.com/errata/ELSA-2026-13644.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
corosync-vqsim-3.1.9-2.el10_1.1.x86_64.rpm
corosynclib-3.1.9-2.el10_1.1.x86_64.rpm

aarch64:
corosync-vqsim-3.1.9-2.el10_1.1.aarch64.rpm
corosynclib-3.1.9-2.el10_1.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/corosync-3.1.9-2.el10_1.1.src.rpm

Related CVEs:

CVE-2026-35091
CVE-2026-35092

Description of changes:

[3.1.9-2.1]
- Resolves: RHEL-163801
- Resolves: RHEL-163822

- totemsrp: Return error if sanity check fails (fixes CVE-2026-35091)
- totemsrp: Fix integer overflow in memb_join_sanity (fixes CVE-2026-35092)