ALSA-2026:3033

[ALSA-2026:3033] Important: munge security update

Type:

security

Severity:

important

Release date:

2026-02-26

Description:

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key. Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.  

Security Fix(es):  

  * MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery (CVE-2026-25506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	munge-0.5.15-11.el10_1.aarch64.rpm	0bf19fc4cbe4da93befe6f68f14dde7d34216beae88e6c405a10f68dab2e8bed
aarch64	munge-devel-0.5.15-11.el10_1.aarch64.rpm	138b865ee1818353c7cd178ab5dcc49ee5a36297f4307f7574bf5d0a9ca26771
aarch64	munge-libs-0.5.15-11.el10_1.aarch64.rpm	994fa06df42cdba490d6464eaa9f96928b750b1d2a347a26d9e350834ef56ca0
ppc64le	munge-0.5.15-11.el10_1.ppc64le.rpm	8a9eb69f4f2f4b2e4d3ffb3ec355190d33de623286ca3007eb04c41428b433cd
ppc64le	munge-devel-0.5.15-11.el10_1.ppc64le.rpm	ce9d270f047f4853b735dfcb3ba54935225b0bee1bbf8b825be7b575d0a41fcf
ppc64le	munge-libs-0.5.15-11.el10_1.ppc64le.rpm	edeaac0bd8db9ed71749c6757accc102e99578f0a8fe885ce822dfa5800da170
s390x	munge-0.5.15-11.el10_1.s390x.rpm	0617f3362e30aeee7181e622771f094e9efd9772e3c061ecc265b6c8ea30d20e
s390x	munge-devel-0.5.15-11.el10_1.s390x.rpm	62188bbe6897156c0b3c9abb5d3e1d0f53ed495189ce69c13b1ea7be536dd540
s390x	munge-libs-0.5.15-11.el10_1.s390x.rpm	f178d8462f603eb0525e5dcd43486ef306cc54868ade5d391ca625c93914f013
x86_64	munge-devel-0.5.15-11.el10_1.x86_64.rpm	2cacc3805628222e31ba154e3d7efbde9f7b4b4b3f7c107346795dd6cc760bfc
x86_64	munge-0.5.15-11.el10_1.x86_64.rpm	b79b475bb7119d6e0b6770c29c47d956812605198051f9da52a254a2585a7944
x86_64	munge-libs-0.5.15-11.el10_1.x86_64.rpm	eadc770e285075b3194d3b062bcc5518150b7ac3e01f30f324e4418e8d5f5c0f
x86_64_v2	munge-devel-0.5.15-11.el10_1.x86_64_v2.rpm	36eb6230ade313ad636fe870de86baa568e2627671820d2bf6987adb4cdbeb27
x86_64_v2	munge-libs-0.5.15-11.el10_1.x86_64_v2.rpm	595d1b31b5f589f75257903e3f48301d4879f433a011bdfb438a5768794eee17
x86_64_v2	munge-0.5.15-11.el10_1.x86_64_v2.rpm	8cddd6311e581fa1fc5e205350bf493050f03d025a67e82aad166be7e51100af

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.