Your message dated Sun, 10 May 2026 16:32:05 +0000
with message-id <[email protected]>
and subject line Bug#1133838: fixed in corosync 3.1.9-2+deb13u1
has caused the Debian Bug report #1133838,
regarding corosync: CVE-2026-35091
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1133838: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133838
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: corosync
Version: CVE-2026-35092
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for corosync.

CVE-2026-35091[0]:
| A flaw was found in Corosync. A remote unauthenticated attacker can
| exploit a wrong return value vulnerability in the Corosync
| membership commit token sanity check by sending a specially crafted
| User Datagram Protocol (UDP) packet. This can lead to an out-of-
| bounds read, causing a denial of service (DoS) and potentially
| disclosing limited memory contents. This vulnerability affects
| Corosync when running in totemudp/totemudpu mode, which is the
| default configuration.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-35091
    https://www.cve.org/CVERecord?id=CVE-2026-35091
[1] https://github.com/corosync/corosync/commit/a16614accfdb3481264d7281843fadf439d9ab1b

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
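The bug class named in the CVE text above, a sanity check whose failure verdict never reaches its caller through the return value, so a truncated datagram is handed to the parser and read past the end of the receive buffer, as an added C example. This is illustrative code written for this page, not corosync's totemsrp code: the message format, the `demo_*`/`DEMO_*` names and the sample datagrams are all constructed. The hardened check also guards the size multiplication against wrap-around, which goes a step beyond the quoted description and corresponds to the kind of integer-overflow fix the changelog below lists for the sibling CVE.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format (NOT corosync's): a fixed header with a 32-bit
 * entry count, followed by that many fixed-size entries. */
struct demo_header {
    uint32_t magic;
    uint32_t entry_count;
};
#define DEMO_MAGIC      0x44454D4Fu   /* constructed marker value */
#define DEMO_ENTRY_SIZE 8u

/* Buggy check: every rejection path returns 0, which the caller treats as
 * "message is sane". The tests run, but the verdict is lost, so a datagram
 * whose claimed size exceeds the buffer is accepted. */
int demo_sanity_check_buggy(const uint8_t *buf, size_t len)
{
    struct demo_header hdr;
    size_t need;

    if (len < sizeof(hdr))
        return 0;                        /* BUG: should report failure */
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.magic != DEMO_MAGIC)
        return 0;                        /* BUG */
    need = sizeof(hdr) + (size_t)hdr.entry_count * DEMO_ENTRY_SIZE;
    if (need > len)
        return 0;                        /* BUG */
    return 0;
}

/* Hardened check: -1 on any failure, 0 only when the whole message fits in
 * the buffer; the size computation cannot wrap around. */
int demo_sanity_check_fixed(const uint8_t *buf, size_t len)
{
    struct demo_header hdr;
    size_t need;

    if (len < sizeof(hdr))
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.magic != DEMO_MAGIC)
        return -1;
    if (hdr.entry_count > (SIZE_MAX - sizeof(hdr)) / DEMO_ENTRY_SIZE)
        return -1;                       /* multiplication would overflow */
    need = sizeof(hdr) + (size_t)hdr.entry_count * DEMO_ENTRY_SIZE;
    if (need > len)
        return -1;
    return 0;
}

/* Consumer: touches entries only after the hardened check accepted the
 * message. Returns the number of entries walked, or -1 on rejection. */
long demo_process(const uint8_t *buf, size_t len)
{
    struct demo_header hdr;
    uint32_t i;

    if (demo_sanity_check_fixed(buf, len) != 0)
        return -1;
    memcpy(&hdr, buf, sizeof(hdr));
    for (i = 0; i < hdr.entry_count; i++) {
        const uint8_t *entry = buf + sizeof(hdr) + (size_t)i * DEMO_ENTRY_SIZE;
        (void)entry;                     /* a real parser decodes the entry here */
    }
    return (long)hdr.entry_count;
}

/* Builds a constructed datagram whose header claims `claimed` entries while
 * only `present` entries actually follow. Returns the datagram length, or 0
 * if it does not fit in `cap` bytes. */
size_t demo_build(uint32_t claimed, uint32_t present, uint8_t *out, size_t cap)
{
    struct demo_header hdr = { DEMO_MAGIC, claimed };
    size_t len = sizeof(hdr) + (size_t)present * DEMO_ENTRY_SIZE;

    if (len > cap)
        return 0;
    memcpy(out, &hdr, sizeof(hdr));
    memset(out + sizeof(hdr), 0xAB, len - sizeof(hdr));   /* filler payload */
    return len;
}

int main(void)
{
    uint8_t buf[64];
    size_t n = demo_build(4, 1, buf, sizeof(buf));   /* claims 4, carries 1 */

    printf("buggy check verdict:    %d\n", demo_sanity_check_buggy(buf, n));
    printf("hardened check verdict: %d\n", demo_sanity_check_fixed(buf, n));
    return 0;
}
```

The detection angle for a defender is the same on both sides: a receiver that rejects on the hardened check can log and count the rejections, while the buggy one silently accepts and later faults, so a spike in logged sanity-check failures is the signal to watch after deploying the fix.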
--- Begin Message ---
Source: corosync
Source-Version: 3.1.9-2+deb13u1
Done: Ferenc Wágner <[email protected]>

We believe that the bug you reported is fixed in the latest version of
corosync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ferenc Wágner <[email protected]> (supplier of updated corosync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 May 2026 22:36:24 +0200
Source: corosync
Architecture: source
Version: 3.1.9-2+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian HA Maintainers <[email protected]>
Changed-By: Ferenc Wágner <[email protected]>
Closes: 1133837 1133838
Changes:
 corosync (3.1.9-2+deb13u1) trixie-security; urgency=high
 .
   * [128a6c1] New patch: totemsrp: Return error if sanity check fails.
     Fixes CVE-2026-35091. Thanks to Jan Friesse (Closes: #1133838)
   * [f46d7eb] New patch: totemsrp: Fix integer overflow in memb_join_sanity.
     Fixes CVE-2026-35092. Thanks to Jan Friesse (Closes: #1133837)
Checksums-Sha1:
 8c988428e51a41f9f3640ce02068c1478dedde1b 3527 corosync_3.1.9-2+deb13u1.dsc
 2ceb27fe91b45d64eabbfec59ae1937e71697296 1173752 corosync_3.1.9.orig.tar.gz
 75542a3860618304074d6834b864d57623248846 833 corosync_3.1.9.orig.tar.gz.asc
 37482e179d0e3191d804694e7f3ea01d2d04ab62 29240 corosync_3.1.9-2+deb13u1.debian.tar.xz
 4fc1340465ede7991afbdc96d1869a5c5936324f 17780 corosync_3.1.9-2+deb13u1_amd64.buildinfo
Checksums-Sha256:
 2548699634f9d6e00c0f891e511757a7b226372b9a91dbd1d6faecc6625ff31e 3527 corosync_3.1.9-2+deb13u1.dsc
 203354bbddee1a97b3c50a076eae89c635f406dd674ccaefc94bb9092acd9535 1173752 corosync_3.1.9.orig.tar.gz
 56ec7d4946a7cba06a5ba7d9010fa1dab96fb0473e617ca08bf9adcc461e8c0d 833 corosync_3.1.9.orig.tar.gz.asc
 4f71eae2bd36a2df04f0ed88703ae2e50f0e2c6ac329e6007947dbe732eafdaf 29240 corosync_3.1.9-2+deb13u1.debian.tar.xz
 9fd4c4fddda17003f9f76c040bd1c35258dc8a6a2771107a03163d2e9fe00413 17780 corosync_3.1.9-2+deb13u1_amd64.buildinfo
Files:
 7bcc6d7e5cf60380464479d145479628 3527 admin optional corosync_3.1.9-2+deb13u1.dsc
 4d2ec0131fbce1e30773903a19d3f064 1173752 admin optional corosync_3.1.9.orig.tar.gz
 e8b971df39b3c496d56ae723909e8710 833 admin optional corosync_3.1.9.orig.tar.gz.asc
 5beb85e191ff9f34a282dcd56fba985e 29240 admin optional corosync_3.1.9-2+deb13u1.debian.tar.xz
 9abffd059b4373fa88a6be88c909b190 17780 admin optional corosync_3.1.9-2+deb13u1_amd64.buildinfo



--- End Message ---
