RLSA-2026:3032

Source
https://errata.rockylinux.org/RLSA-2026:3032
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2026:3032.json
JSON Data
https://api.test.osv.dev/v1/vulns/RLSA-2026:3032
Published
2026-02-24T18:52:02.882818Z
Modified
2026-02-25T05:48:52.292448Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Summary
Important: munge security update
Details

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key. Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.

Security Fix(es):

  • MUNGE: MUNGE has a buffer overflow in message unpacking that allows key leakage and credential forgery (CVE-2026-25506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8 / munge

Package

Name
munge
Purl
pkg:rpm/rocky-linux/munge?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0:0.5.13-3.el8_10
Database specific
{
    "yum_repository": "AppStream"
}

Database specific

source
"https://storage.googleapis.com/resf-osv-data/RLSA-2026:3032.json"