------------------------------------------------------------------------- Debian LTS Advisory DLA-4608-1 [email protected] https://www.debian.org/lts/security/ Emmanuel Arias May 30, 2026 https://wiki.debian.org/LTS -------------------------------------------------------------------------
Package : corosync
Version : 3.1.2-2+deb11u2
CVE ID : CVE-2026-35091 CVE-2026-35092
Debian Bug : 1133837 1133838
Two vulnerabilities have been found in corosync, a cluster engine daemon and
utilities, that allow a remote, unauthenticated attacker to cause a denial of
service.
CVE-2026-35091
A remote unauthenticated attacker can exploit a wrong return value
vulnerability in the Corosync membership commit token sanity check by
sending a specially crafted User Datagram Protocol (UDP) packet. This can
lead to an out-of-bounds read, causing a denial of service (DoS) and
potentially disclosing limited memory contents.
CVE-2026-35092
An integer overflow vulnerability in Corosync's join message sanity
validation allows a remote, unauthenticated attacker to send crafted User
Datagram Protocol (UDP) packets. This can cause the service to crash,
leading to a denial of service.
For Debian 11 bullseye, these problems have been fixed in version
3.1.2-2+deb11u2.
We recommend that you upgrade your corosync packages.
For the detailed security status of corosync please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/corosync
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
signature.asc
Description: PGP signature
