Your message dated Sun, 10 May 2026 16:33:41 +0000
with message-id <[email protected]>
and subject line Bug#1133838: fixed in corosync 3.1.7-1+deb12u2
has caused the Debian Bug report #1133838,
regarding corosync: CVE-2026-35091
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1133838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133838
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: corosync
Version: CVE-2026-35092
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for corosync.

CVE-2026-35091[0]:
| A flaw was found in Corosync. A remote unauthenticated attacker can
| exploit a wrong return value vulnerability in the Corosync
| membership commit token sanity check by sending a specially crafted
| User Datagram Protocol (UDP) packet. This can lead to an out-of-
| bounds read, causing a denial of service (DoS) and potentially
| disclosing limited memory contents. This vulnerability affects
| Corosync when running in totemudp/totemudpu mode, which is the
| default configuration.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-35091
    https://www.cve.org/CVERecord?id=CVE-2026-35091
[1] https://github.com/corosync/corosync/commit/a16614accfdb3481264d7281843fadf439d9ab1b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: corosync
Source-Version: 3.1.7-1+deb12u2
Done: Ferenc Wágner <[email protected]>

We believe that the bug you reported is fixed in the latest version of
corosync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ferenc Wágner <[email protected]> (supplier of updated corosync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])



Format: 1.8
Date: Thu, 07 May 2026 23:24:43 +0200
Source: corosync
Architecture: source
Version: 3.1.7-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian HA Maintainers <[email protected]>
Changed-By: Ferenc Wágner <[email protected]>
Closes: 1133837 1133838
Changes:
 corosync (3.1.7-1+deb12u2) bookworm-security; urgency=high
 .
   * [809a6e8] New patch: totemsrp: Return error if sanity check fails.
     Fixes CVE-2026-35091. Thanks to Jan Friesse (Closes: #1133838)
   * [70d459c] New patch: totemsrp: Fix integer overflow in memb_join_sanity.
     Fixes CVE-2026-35092. Thanks to Jan Friesse (Closes: #1133837)




--- End Message ---
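The two changelog entries above name two classic length-validation defects: a sanity check whose failure path returns the success value (CVE-2026-35091), and a required-length computation that overflows (CVE-2026-35092). The following C is an added illustration written for this page, not corosync's code; the `memb_msg` layout, the function names and the 16-byte sample packets are all made up to show the two patterns next to a hardened check.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed, simplified membership message: a 32-bit entry count followed by
 * that many 32-bit node ids.  Hypothetical; not corosync's real totemsrp layout. */
struct memb_msg {
    uint32_t member_count;
    uint32_t node_ids[];
};
#define HDR_LEN sizeof(uint32_t)

/* Pattern 1 (the CVE-2026-35091 class): the short packet is detected, but the
 * failure path returns 0, the success value, so the caller then reads node_ids[]
 * past the end of the received bytes. */
static int memb_sanity_wrong_return(const struct memb_msg *msg, size_t len)
{
    if (len < HDR_LEN || HDR_LEN + (size_t)msg->member_count * sizeof(uint32_t) > len)
        return 0;   /* BUG: should be -1 */
    return 0;
}

/* Pattern 2 (the CVE-2026-35092 class): the required length is computed in 32-bit
 * arithmetic, so a huge member_count wraps to a small value and passes the test. */
static int memb_sanity_overflow(const struct memb_msg *msg, size_t len)
{
    if (len < HDR_LEN)
        return -1;
    uint32_t needed = (uint32_t)HDR_LEN + msg->member_count * (uint32_t)sizeof(uint32_t);
    return needed > len ? -1 : 0;   /* BUG: needed may have wrapped */
}

/* Hardened check: divide instead of multiply so nothing can overflow, and return
 * a distinct error value that the caller must honour before touching node_ids[]. */
static int memb_sanity_fixed(const struct memb_msg *msg, size_t len)
{
    if (len < HDR_LEN || msg->member_count > (len - HDR_LEN) / sizeof(uint32_t))
        return -1;
    return 0;
}

/* Place a constructed count in a 16-byte buffer and run one of the checks over
 * its first `len` bytes (-2 if len exceeds the buffer). */
static int run_check(int (*sanity)(const struct memb_msg *, size_t),
                     uint32_t count, size_t len)
{
    uint32_t buf[4] = { count, 1, 2, 3 };
    return len <= sizeof buf ? sanity((const struct memb_msg *)buf, len) : -2;
}
```

With an 8-byte packet claiming 0xFFFFFFFF members, both buggy checks report the packet as sane while the hardened one rejects it; a caller that trusts either buggy result would then index past the received bytes, which is the out-of-bounds read the CVE text describes.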
