{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
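        "text": "CVE-2026-25506: fix buffer overflow in message parsing and add bounds checks and input validation for address length; prevent leak of cryptographic MAC subkey and forging of arbitrary credentials. The fix is backported into the 0.5.13-13.el9_2.tuxcare.els1 packages, so the package version stays below the upstream fixed release 0.5.18; match on the full package release string rather than the upstream version alone.",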
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772571803",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772571803"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1772571803.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-03-03T21:04:05Z",
      "generator": {
        "date": "2026-03-03T21:04:05Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1772571803",
      "initial_release_date": "2026-03-03T21:04:05Z",
      "revision_history": [
        {
          "date": "2026-03-03T21:04:05Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "munge: Fix of CVE-2026-25506"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "AlmaLinux 9.2",
                "product": {
                  "name": "AlmaLinux 9.2",
                  "product_id": "AlmaLinux-9.2",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "AlmaLinux"
          }
        ],
        "category": "vendor",
        "name": "AlmaLinux OS Foundation"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                  "product_id": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/munge-libs@0.5.13-13.el9_2.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                  "product_id": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/munge-devel@0.5.13-13.el9_2.tuxcare.els1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                "product": {
                  "name": "munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                  "product_id": "munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/munge@0.5.13-13.el9_2.tuxcare.els1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
                "product": {
                  "name": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
                  "product_id": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/munge-libs@0.5.13-13.el9_2.tuxcare.els1?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
                "product": {
                  "name": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
                  "product_id": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/munge-devel@0.5.13-13.el9_2.tuxcare.els1?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64"
        },
        "product_reference": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686"
        },
        "product_reference": "munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686"
        },
        "product_reference": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64"
        },
        "product_reference": "munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64 as a component of AlmaLinux 9.2",
          "product_id": "AlmaLinux-9.2:munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64"
        },
        "product_reference": "munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
        "relates_to_product_reference": "AlmaLinux-9.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-25506",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "description",
          "text": "MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, a local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication daemon) to leak cryptographic key material from process memory. With the leaked key material, the attacker could forge arbitrary MUNGE credentials to impersonate any user (including root) to services that rely on MUNGE for authentication. The vulnerability allows a buffer overflow by sending a crafted message with an oversized address length field, corrupting munged's internal state and enabling extraction of the MAC subkey used for credential verification. This vulnerability is fixed in 0.5.18.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AlmaLinux-9.2:munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
          "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
          "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
          "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2026-25506"
        },
        {
          "category": "external",
          "summary": "https://github.com/dun/munge/commit/bf40cc27c4ce8451d4b062c9de0b67ec40894812",
          "url": "https://github.com/dun/munge/commit/bf40cc27c4ce8451d4b062c9de0b67ec40894812"
        },
        {
          "category": "external",
          "summary": "https://github.com/dun/munge/releases/tag/munge-0.5.18",
          "url": "https://github.com/dun/munge/releases/tag/munge-0.5.18"
        },
        {
          "category": "external",
          "summary": "https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh",
          "url": "https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2026/02/10/3",
          "url": "http://www.openwall.com/lists/oss-security/2026/02/10/3"
        },
        {
          "category": "external",
          "summary": "http://www.openwall.com/lists/oss-security/2026/02/17/6",
          "url": "http://www.openwall.com/lists/oss-security/2026/02/17/6"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2026/02/msg00015.html",
          "url": "https://lists.debian.org/debian-lts-announce/2026/02/msg00015.html"
        }
      ],
      "release_date": "2026-02-10T19:16:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-03T21:03:26.741865Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1772571803",
          "product_ids": [
            "AlmaLinux-9.2:munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1772571803"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AlmaLinux-9.2:munge-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:munge-devel-0:0.5.13-13.el9_2.tuxcare.els1.x86_64",
            "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.i686",
            "AlmaLinux-9.2:munge-libs-0:0.5.13-13.el9_2.tuxcare.els1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}