Red Hat Product Errata RHSA-2026:3033 - Security Advisory
Issued:
2026-02-23
Updated:
2026-02-23

RHSA-2026:3033 - Security Advisory

Synopsis

Important: munge security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for munge is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

MUNGE (MUNGE Uid 'N' Gid Emporium) is an authentication service for creating and validating credentials. It is designed to be highly scalable for use in an HPC cluster environment. It allows a process to authenticate the UID and GID of another local or remote process within a group of hosts having common users and groups. These hosts form a security realm that is defined by a shared cryptographic key. Clients within this security realm can create and validate credentials without the use of root privileges, reserved ports, or platform-specific methods.

Security Fix(es):

  • MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery (CVE-2026-25506)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for x86_64 10 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
  • Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
  • Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x

Fixes

  • BZ - 2438715 - CVE-2026-25506 MUNGE: MUNGE has a buffer overflow in message unpacking allows key leakage and credential forgery

Red Hat Enterprise Linux for x86_64 10

SRPM
munge-0.5.15-11.el10_1.src.rpm SHA-256: b040956bad0165d97772ab983a5a1ebc7dce12e4acc2e4ba4da8c0a76b199119
x86_64
munge-0.5.15-11.el10_1.x86_64.rpm SHA-256: 744e030bc240e6e1d9ddcd0bf147462492687dd9b62399022194454d9a8e374c
munge-debuginfo-0.5.15-11.el10_1.x86_64.rpm SHA-256: 04fceec1a15c5d626c9130463decea3467dd66cfafe483862b95b2c15eae6e33
munge-debugsource-0.5.15-11.el10_1.x86_64.rpm SHA-256: a22d9e16dbf2eae8bee8e48668ad386c0b8ed9b046b9cbc35031cf14a72f6745
munge-libs-0.5.15-11.el10_1.x86_64.rpm SHA-256: d5e96e5d4b757f2d15bb1a8636f5a2d17b2bf367f1d5199b47b17ebac81a3767
munge-libs-debuginfo-0.5.15-11.el10_1.x86_64.rpm SHA-256: d8e5283c3732877fe17b60d3a72393b4d630b38245b80870e4d50473199ab7d9

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
munge-0.5.15-11.el10_1.src.rpm SHA-256: b040956bad0165d97772ab983a5a1ebc7dce12e4acc2e4ba4da8c0a76b199119
s390x
munge-0.5.15-11.el10_1.s390x.rpm SHA-256: 2ee3d275f89cf1d6872262be72fad97d6a10b5d7af251f9a332e5d72835c294f
munge-debuginfo-0.5.15-11.el10_1.s390x.rpm SHA-256: bd24443889b035dc0a9d89377d0008cd0551ef90c5ca8ea823a7a3ee272dc65f
munge-debugsource-0.5.15-11.el10_1.s390x.rpm SHA-256: 726254c5c80f5255f138b3f024505126c1abe8cc8c25d382c78aaf72f1f3179e
munge-libs-0.5.15-11.el10_1.s390x.rpm SHA-256: ab4794590ee71f5878b22defa39c625e554cff66d8dccd16a0772048a030ecb3
munge-libs-debuginfo-0.5.15-11.el10_1.s390x.rpm SHA-256: 561ddd33b10a052ab5cc63835893a351c1434fad2e5d90591c0b985c791e3fbb

Red Hat Enterprise Linux for Power, little endian 10

SRPM
munge-0.5.15-11.el10_1.src.rpm SHA-256: b040956bad0165d97772ab983a5a1ebc7dce12e4acc2e4ba4da8c0a76b199119
ppc64le
munge-0.5.15-11.el10_1.ppc64le.rpm SHA-256: a29163384f62896f014469c26f6f1431154870fb5ee618c97df8ae2efcc82b9f
munge-debuginfo-0.5.15-11.el10_1.ppc64le.rpm SHA-256: 10dd6bb58cb4f73a8c036bc3215a5fc7d6e2978f053c1f28f44818531de6906d
munge-debugsource-0.5.15-11.el10_1.ppc64le.rpm SHA-256: 47c31fba139a295b7c18a3f57ffcbf16fd5c4dcdf015a4ab4f94bc00e8a902da
munge-libs-0.5.15-11.el10_1.ppc64le.rpm SHA-256: eb38c7a87a668153f3ef6797ecc53e50ee7e637c5a5993331976ff3060e53819
munge-libs-debuginfo-0.5.15-11.el10_1.ppc64le.rpm SHA-256: ecf0fe4f1193cd54968d962483147a2e57fe989b4f1f38eefd0d5dd1c6715c85

Red Hat Enterprise Linux for ARM 64 10

SRPM
munge-0.5.15-11.el10_1.src.rpm SHA-256: b040956bad0165d97772ab983a5a1ebc7dce12e4acc2e4ba4da8c0a76b199119
aarch64
munge-0.5.15-11.el10_1.aarch64.rpm SHA-256: 0f9324c976a136953b0a05bbf90e5ac893c8511567a781a8e5c8fcd1db01922b
munge-debuginfo-0.5.15-11.el10_1.aarch64.rpm SHA-256: 9e14f19421c2dac70703715a9ae54b1c03b7e3aacdc75b4d68e0808f6670b3c4
munge-debugsource-0.5.15-11.el10_1.aarch64.rpm SHA-256: 1aee09a1329434edc864d91e4e45ce3cffa91a1e8058ace0dd01ea0b2106ce5a
munge-libs-0.5.15-11.el10_1.aarch64.rpm SHA-256: e40c01eda8b4fa4a9a5539f721514cad28f76915b094388ecc317889b3bb00c1
munge-libs-debuginfo-0.5.15-11.el10_1.aarch64.rpm SHA-256: 32e8e623fc46363c2d3df321d7b410b1817c53ea9e12c064cf7abb935942b60c

Red Hat CodeReady Linux Builder for x86_64 10

SRPM
x86_64
munge-debuginfo-0.5.15-11.el10_1.x86_64.rpm SHA-256: 04fceec1a15c5d626c9130463decea3467dd66cfafe483862b95b2c15eae6e33
munge-debugsource-0.5.15-11.el10_1.x86_64.rpm SHA-256: a22d9e16dbf2eae8bee8e48668ad386c0b8ed9b046b9cbc35031cf14a72f6745
munge-devel-0.5.15-11.el10_1.x86_64.rpm SHA-256: 8f5ce527a0a325ca9fd73da1c84dd02e122e91de869882ecb19d7a34900b5d1e
munge-libs-debuginfo-0.5.15-11.el10_1.x86_64.rpm SHA-256: d8e5283c3732877fe17b60d3a72393b4d630b38245b80870e4d50473199ab7d9

Red Hat CodeReady Linux Builder for Power, little endian 10

SRPM
ppc64le
munge-debuginfo-0.5.15-11.el10_1.ppc64le.rpm SHA-256: 10dd6bb58cb4f73a8c036bc3215a5fc7d6e2978f053c1f28f44818531de6906d
munge-debugsource-0.5.15-11.el10_1.ppc64le.rpm SHA-256: 47c31fba139a295b7c18a3f57ffcbf16fd5c4dcdf015a4ab4f94bc00e8a902da
munge-devel-0.5.15-11.el10_1.ppc64le.rpm SHA-256: ec281b0d7414ae8dc54da31db4542e0c2868c2b4ac4fbff766d3ef6ecfdb87b6
munge-libs-debuginfo-0.5.15-11.el10_1.ppc64le.rpm SHA-256: ecf0fe4f1193cd54968d962483147a2e57fe989b4f1f38eefd0d5dd1c6715c85

Red Hat CodeReady Linux Builder for ARM 64 10

SRPM
aarch64
munge-debuginfo-0.5.15-11.el10_1.aarch64.rpm SHA-256: 9e14f19421c2dac70703715a9ae54b1c03b7e3aacdc75b4d68e0808f6670b3c4
munge-debugsource-0.5.15-11.el10_1.aarch64.rpm SHA-256: 1aee09a1329434edc864d91e4e45ce3cffa91a1e8058ace0dd01ea0b2106ce5a
munge-devel-0.5.15-11.el10_1.aarch64.rpm SHA-256: 15b39d42e95feabe3ed40cdc8d3dcc8d7bc52492ad9abce26eaf698c4a17b197
munge-libs-debuginfo-0.5.15-11.el10_1.aarch64.rpm SHA-256: 32e8e623fc46363c2d3df321d7b410b1817c53ea9e12c064cf7abb935942b60c

Red Hat CodeReady Linux Builder for IBM z Systems 10

SRPM
s390x
munge-debuginfo-0.5.15-11.el10_1.s390x.rpm SHA-256: bd24443889b035dc0a9d89377d0008cd0551ef90c5ca8ea823a7a3ee272dc65f
munge-debugsource-0.5.15-11.el10_1.s390x.rpm SHA-256: 726254c5c80f5255f138b3f024505126c1abe8cc8c25d382c78aaf72f1f3179e
munge-devel-0.5.15-11.el10_1.s390x.rpm SHA-256: fcdf985121712fb4a32e9f2094935ecb6ec59262be5ba3b1d56c6acbf18ed5c5
munge-libs-debuginfo-0.5.15-11.el10_1.s390x.rpm SHA-256: 561ddd33b10a052ab5cc63835893a351c1434fad2e5d90591c0b985c791e3fbb

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.