Red Hat Product Errata RHSA-2026:2934 - Security Advisory
Issued:
2026-02-18
Updated:
2026-02-18

RHSA-2026:2934 - Security Advisory

Synopsis

Important: munge security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for munge is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key. Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.

Security Fix(es):

  • MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery (CVE-2026-25506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x

Fixes

  • BZ - 2438715 - CVE-2026-25506 MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

Red Hat Enterprise Linux Server - AUS 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
x86_64
munge-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 02a7c0eb6ef4589abf1517fb6ab545065f808560b2d4b177e6e6c9b97e8e9e9a
munge-debuginfo-0.5.13-13.el9_2.1.i686.rpm SHA-256: 8c12561bc531ff43965f3e84b88573c756352740606e50b92152ba876d2e019d
munge-debuginfo-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 018712de4814ed85038bca15140300459d0a1967150de0d1c42525e495dc73da
munge-debugsource-0.5.13-13.el9_2.1.i686.rpm SHA-256: 3fc1b2a2fec25a8659265e5ce69c472505d33c253bc7362a1c44c4ff69b611ac
munge-debugsource-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: ea9dcc63cd7e82e6f67e0c62198d334535ff60a50974ec986c132adcb4acbc7d
munge-libs-0.5.13-13.el9_2.1.i686.rpm SHA-256: 6cf3d0530ece18ba40566956ceafeaf1d83f7ada2aba7b0295305e828cb388a7
munge-libs-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 9c4d683bb86df80b26ff39df6da8cb320b5252da2633d3e1d15f3d0a9102c878
munge-libs-debuginfo-0.5.13-13.el9_2.1.i686.rpm SHA-256: 86bf44a7574b5986b6769cfdd068d7e9daef14f69579637c16600d9b1e5e46e3
munge-libs-debuginfo-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 358763f0f09bb9cb095c75c5486add8aab3db012eb35621624106d250c9b9af8

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
ppc64le
munge-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: f5042daac2de5d4f956075c82972259197aa301aa3db4f9f71a20a8259060808
munge-debuginfo-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: 50adb0d528122311bb0b589d2232f1ddba7a0034ea17872acb3422cb1a071b62
munge-debugsource-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: 57d24c53311cb098017356475a6112ca3c93e11d589fefba45038426db79834d
munge-libs-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: b8b57d289771aca667f3f49e37e4ef7792626825d28eab93d872338b51d827bc
munge-libs-debuginfo-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: a11781ce7ec8a367cba8dde08a364ec62898f13317f9f763f9f746595ff299b7

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
x86_64
munge-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 02a7c0eb6ef4589abf1517fb6ab545065f808560b2d4b177e6e6c9b97e8e9e9a
munge-debuginfo-0.5.13-13.el9_2.1.i686.rpm SHA-256: 8c12561bc531ff43965f3e84b88573c756352740606e50b92152ba876d2e019d
munge-debuginfo-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 018712de4814ed85038bca15140300459d0a1967150de0d1c42525e495dc73da
munge-debugsource-0.5.13-13.el9_2.1.i686.rpm SHA-256: 3fc1b2a2fec25a8659265e5ce69c472505d33c253bc7362a1c44c4ff69b611ac
munge-debugsource-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: ea9dcc63cd7e82e6f67e0c62198d334535ff60a50974ec986c132adcb4acbc7d
munge-libs-0.5.13-13.el9_2.1.i686.rpm SHA-256: 6cf3d0530ece18ba40566956ceafeaf1d83f7ada2aba7b0295305e828cb388a7
munge-libs-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 9c4d683bb86df80b26ff39df6da8cb320b5252da2633d3e1d15f3d0a9102c878
munge-libs-debuginfo-0.5.13-13.el9_2.1.i686.rpm SHA-256: 86bf44a7574b5986b6769cfdd068d7e9daef14f69579637c16600d9b1e5e46e3
munge-libs-debuginfo-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 358763f0f09bb9cb095c75c5486add8aab3db012eb35621624106d250c9b9af8

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
aarch64
munge-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 0f5815f7c0530dea3db345e603cd9d622529169230cac4bf54b68ab695452c97
munge-debuginfo-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 3f882b24a72efd7969a51b5bfb79c5a6f4ce2557d2bb16a9e876a2b33e336dda
munge-debugsource-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 492e03addc0981ea688c7dcf8eea6b505c187a24a27c5d3687e7bf123e680114
munge-libs-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: b5b9437a5212808557a0f92863cfb1661b06ce1ce99615c41639c4baa7121193
munge-libs-debuginfo-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 4bf7c062e74c8f7c899ebd36e7f8ebc31e1ad3aee1bee8c40fe9e2a83b5d92ab

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
s390x
munge-0.5.13-13.el9_2.1.s390x.rpm SHA-256: 06ba40b2a49ac028ba48175174669d51ea79c3f5606aa309e5a1e2f29775dd74
munge-debuginfo-0.5.13-13.el9_2.1.s390x.rpm SHA-256: bc498867fac7f17ca3f4d3f2c2ef8e5e92c7981f009798f3f823ba373fa5e255
munge-debugsource-0.5.13-13.el9_2.1.s390x.rpm SHA-256: 5d1a0dc37e1918ac765c0e359537920496845b7f74cd2a71e9eacd65e10ee1d1
munge-libs-0.5.13-13.el9_2.1.s390x.rpm SHA-256: dd2b9642cd26c61056d0b68ec278c6c528a2f513cbb58f20679b41a25fafc7a2
munge-libs-debuginfo-0.5.13-13.el9_2.1.s390x.rpm SHA-256: 32eb801939833d2bb75bea0d0bcb206db8efa86cc0d7ed006cbf30af1ce05ed4

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
x86_64
munge-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 02a7c0eb6ef4589abf1517fb6ab545065f808560b2d4b177e6e6c9b97e8e9e9a
munge-debuginfo-0.5.13-13.el9_2.1.i686.rpm SHA-256: 8c12561bc531ff43965f3e84b88573c756352740606e50b92152ba876d2e019d
munge-debuginfo-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 018712de4814ed85038bca15140300459d0a1967150de0d1c42525e495dc73da
munge-debugsource-0.5.13-13.el9_2.1.i686.rpm SHA-256: 3fc1b2a2fec25a8659265e5ce69c472505d33c253bc7362a1c44c4ff69b611ac
munge-debugsource-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: ea9dcc63cd7e82e6f67e0c62198d334535ff60a50974ec986c132adcb4acbc7d
munge-libs-0.5.13-13.el9_2.1.i686.rpm SHA-256: 6cf3d0530ece18ba40566956ceafeaf1d83f7ada2aba7b0295305e828cb388a7
munge-libs-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 9c4d683bb86df80b26ff39df6da8cb320b5252da2633d3e1d15f3d0a9102c878
munge-libs-debuginfo-0.5.13-13.el9_2.1.i686.rpm SHA-256: 86bf44a7574b5986b6769cfdd068d7e9daef14f69579637c16600d9b1e5e46e3
munge-libs-debuginfo-0.5.13-13.el9_2.1.x86_64.rpm SHA-256: 358763f0f09bb9cb095c75c5486add8aab3db012eb35621624106d250c9b9af8

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
aarch64
munge-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 0f5815f7c0530dea3db345e603cd9d622529169230cac4bf54b68ab695452c97
munge-debuginfo-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 3f882b24a72efd7969a51b5bfb79c5a6f4ce2557d2bb16a9e876a2b33e336dda
munge-debugsource-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 492e03addc0981ea688c7dcf8eea6b505c187a24a27c5d3687e7bf123e680114
munge-libs-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: b5b9437a5212808557a0f92863cfb1661b06ce1ce99615c41639c4baa7121193
munge-libs-debuginfo-0.5.13-13.el9_2.1.aarch64.rpm SHA-256: 4bf7c062e74c8f7c899ebd36e7f8ebc31e1ad3aee1bee8c40fe9e2a83b5d92ab

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
ppc64le
munge-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: f5042daac2de5d4f956075c82972259197aa301aa3db4f9f71a20a8259060808
munge-debuginfo-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: 50adb0d528122311bb0b589d2232f1ddba7a0034ea17872acb3422cb1a071b62
munge-debugsource-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: 57d24c53311cb098017356475a6112ca3c93e11d589fefba45038426db79834d
munge-libs-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: b8b57d289771aca667f3f49e37e4ef7792626825d28eab93d872338b51d827bc
munge-libs-debuginfo-0.5.13-13.el9_2.1.ppc64le.rpm SHA-256: a11781ce7ec8a367cba8dde08a364ec62898f13317f9f763f9f746595ff299b7

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2

SRPM
munge-0.5.13-13.el9_2.1.src.rpm SHA-256: 53fa025549a88758ff12ea3ed9df82e0deb14d472bf83efa774afbb9b0b0e080
s390x
munge-0.5.13-13.el9_2.1.s390x.rpm SHA-256: 06ba40b2a49ac028ba48175174669d51ea79c3f5606aa309e5a1e2f29775dd74
munge-debuginfo-0.5.13-13.el9_2.1.s390x.rpm SHA-256: bc498867fac7f17ca3f4d3f2c2ef8e5e92c7981f009798f3f823ba373fa5e255
munge-debugsource-0.5.13-13.el9_2.1.s390x.rpm SHA-256: 5d1a0dc37e1918ac765c0e359537920496845b7f74cd2a71e9eacd65e10ee1d1
munge-libs-0.5.13-13.el9_2.1.s390x.rpm SHA-256: dd2b9642cd26c61056d0b68ec278c6c528a2f513cbb58f20679b41a25fafc7a2
munge-libs-debuginfo-0.5.13-13.el9_2.1.s390x.rpm SHA-256: 32eb801939833d2bb75bea0d0bcb206db8efa86cc0d7ed006cbf30af1ce05ed4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.