[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 4477-1] munge security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4477-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
February 10, 2026                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : munge
Version        : 0.5.14-4+deb11u1
CVE ID         : CVE-2026-25506


Titouan Lazard discovered a buffer overflow vulnerability in munge, an
authentication service to create and validate credentials, which may
allow local users to leak the MUNGE cryptographic key and forge
arbitrary credentials.

Additional details can be found in the upstream advisory:
https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh


For Debian 11 bullseye, this problem has been fixed in version
0.5.14-4+deb11u1.

We recommend that you upgrade your munge packages.

For the detailed security status of munge please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/munge

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmLfJNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcl/g/9ENBv8qBPEM45IKBL9na5VsaZzjxQzb7RqcRarfZv+FP6tKwTSZiG4etl
6uJKdsO3rZ3n+9dty/ZatZDOcZS1qWNK8+r/Kta6JFqTuhrXEvtjhQpw/qkyScjx
0oD+37fkKoXSfaFUhZ8MGt2gNUB+fmSdME27zqfm1wkQNLEB+YPLTqyihubIHXiN
QN05hY02Sg/fBkP9plS/D1kiI117P4i/k64o+UpZoqN6X0yDI5cNarky13vjs5BH
GlsTussVNXd6yhqvnEY3E0wD2x13LAHJKNMx5JMVdImvyIykaCRGhKKABZOoS9d4
/mftjFvaH5VwtL6jzfSE1eBH0oaOAlezpRfZmz0IrZTM6XgizusNxi/XSmLEUnKc
ClHRXRutJIqvUgvhypZvCs4XyKiU7lbcw8ePVUQb8OMk1U2AB5+RFu6qVjY4+xRe
SbAYH63oUOaNnulLeOcv0iFfwSckDJqrpoxf10kVh4uIFCQqWw0Nb0dwnG9tYoEK
ayHNCjkoBjyH+D791ms5+g8Ajlx6dZzMjrLZeDyP0eKb4wy+QD/Cp9KSn273goft
IqpTYsGP1lRdB7mX46VFxH48vo5EQ63WpJLk5OXhxhfgjsBmQb0O3Azh/BSb4y6E
jo81UGnmyeNcSOHooybTtuqOh3Fwb1AXh33bxNAw3Lqqmjnz+TA=
=fCk3
-----END PGP SIGNATURE-----
Reply to: