{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Important" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "An update for Red Hat Hardened Images RPMs is now available.", "title" : "Topic" }, { "category" : "general", "text" : "This update includes the following RPMs:\n\nkrb5:\n * krb5-devel-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-libs-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-pkinit-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-server-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-server-ldap-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-tests-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-workstation-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-xrealmauthz-1.22.2-7.hum1 (aarch64, x86_64)\n * libkadm5-1.22.2-7.hum1 (aarch64, x86_64)\n * krb5-1.22.2-7.hum1.src (src)", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:12220", "url" : "https://access.redhat.com/errata/RHSA-2026:12220" }, { "category" : "external", "summary" : "https://images.redhat.com/", "url" : "https://images.redhat.com/" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-40355", "url" : "https://access.redhat.com/security/cve/CVE-2026-40355" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/", "url" : "https://access.redhat.com/security/updates/classification/" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2026-40356", "url" : "https://access.redhat.com/security/cve/CVE-2026-40356" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12220.json" } ], "title" : "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update", "tracking" : { "current_release_date" : "2026-04-30T13:36:37+00:00", "generator" : { "date" : "2026-04-30T13:36:37+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "4.7.7" } }, "id" : "RHSA-2026:12220", "initial_release_date" : "2026-04-30T09:30:23+00:00", "revision_history" : [ { "date" : "2026-04-30T09:30:23+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-04-30T12:40:42+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-04-30T13:36:37+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Red Hat Hardened Images", "product" : { "name" : "Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:hummingbird:1" } } } ], "category" : "product_family", "name" : "Red Hat Hardened Images" }, { "branches" : [ { "category" : "product_version", "name" : "krb5-main@src", "product" : { "name" : "krb5-main@src", "product_id" : "krb5-main@src", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/krb5@1.22.2-7.hum1?arch=src&distro=hummingbird-20251124&repository_id=public-hummingbird-source-rpms" } } } ], "category" : "architecture", "name" : "src" }, { "branches" : [ { "category" : "product_version", "name" : "krb5-main@aarch64", "product" : { "name" : "krb5-main@aarch64", "product_id" : "krb5-main@aarch64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/krb5-devel@1.22.2-7.hum1?arch=aarch64&distro=hummingbird-20251124&repository_id=public-hummingbird-aarch64-rpms" } } } ], "category" : "architecture", "name" : "aarch64" }, { "branches" : [ { "category" : "product_version", "name" : "krb5-main@x86_64", "product" : { "name" : "krb5-main@x86_64", "product_id" : "krb5-main@x86_64", "product_identification_helper" : { "purl" : "pkg:rpm/redhat/krb5-devel@1.22.2-7.hum1?arch=x86_64&distro=hummingbird-20251124&repository_id=public-hummingbird-x86_64-rpms" } } } ], "category" : "architecture", "name" : "x86_64" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "krb5-main@aarch64 as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:krb5-main@aarch64" }, "product_reference" : "krb5-main@aarch64", "relates_to_product_reference" : "Red Hat Hardened Images" }, { "category" : "default_component_of", "full_product_name" : { "name" : "krb5-main@src as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:krb5-main@src" }, "product_reference" : "krb5-main@src", "relates_to_product_reference" : "Red Hat Hardened Images" }, { "category" : "default_component_of", "full_product_name" : { "name" : "krb5-main@x86_64 as a component of Red Hat Hardened Images", "product_id" : "Red Hat Hardened Images:krb5-main@x86_64" }, "product_reference" : "krb5-main@x86_64", "relates_to_product_reference" : "Red Hat Hardened Images" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2026-40355", "cwe" : { "id" : "CWE-476", "name" : "NULL Pointer Dereference" }, "discovery_date" : "2026-04-28T07:01:45.120520+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2463370" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service (DoS).", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "Moderate: This flaw allows an unauthenticated remote attacker to cause a Denial of Service in MIT Kerberos 5 by triggering a NULL pointer dereference. Exploitation requires the NegoEx mechanism to be explicitly registered in the system's GSSAPI configuration, which is not a default state in all Red Hat environments.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-40355" }, { "category" : "external", "summary" : "RHBZ#2463370", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2463370" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-40355", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-40355" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-40355" }, { "category" : "external", "summary" : "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "url" : "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html" }, { "category" : "external", "summary" : "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "url" : "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f" }, { "category" : "external", "summary" : "https://web.mit.edu/kerberos/advisories/", "url" : "https://web.mit.edu/kerberos/advisories/" } ], "release_date" : "2026-04-28T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-30T09:30:23+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12220" }, { "category" : "workaround", "details" : "To mitigate this issue, remove the NegoEx mechanism registration from the system's GSSAPI configuration if it is not required. This can typically be achieved by removing or commenting out the relevant entry in `/etc/gss/mech`. A restart of services utilizing Kerberos might be necessary for the changes to take effect, which could impact Kerberos-dependent functionality.", "product_ids" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Moderate" } ], "title" : "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism" }, { "cve" : "CVE-2026-40356", "cwe" : { "id" : "CWE-191", "name" : "Integer Underflow (Wrap or Wraparound)" }, "discovery_date" : "2026-04-28T07:01:37.543641+00:00", "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2463368" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in MIT Kerberos 5 (krb5). An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling `gss_accept_sec_context()` on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of Service (DoS).", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "An Important denial of service vulnerability exists in MIT Kerberos 5, allowing an unauthenticated remote attacker to terminate processes. This occurs on systems where the NegoEx mechanism is registered and an application invokes `gss_accept_sec_context()`, leading to an integer underflow and out-of-bounds read.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2026-40356" }, { "category" : "external", "summary" : "RHBZ#2463368", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2463368" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-40356", "url" : "https://www.cve.org/CVERecord?id=CVE-2026-40356" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-40356" }, { "category" : "external", "summary" : "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "url" : "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html" }, { "category" : "external", "summary" : "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "url" : "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f" }, { "category" : "external", "summary" : "https://web.mit.edu/kerberos/advisories/", "url" : "https://web.mit.edu/kerberos/advisories/" } ], "release_date" : "2026-04-28T00:00:00+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-04-30T09:30:23+00:00", "details" : "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/", "product_ids" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:12220" }, { "category" : "workaround", "details" : "To mitigate this issue, ensure that the NegoEx mechanism is not registered in the `/etc/gss/mech` configuration file. Removing the corresponding entry from this file will prevent the vulnerable code path from being activated. This action may impact services that rely on the NegoEx GSS-API mechanism. A restart of affected Kerberos-dependent services may be required for the change to take effect.", "product_ids" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ] } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "HIGH", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "Red Hat Hardened Images:krb5-main@aarch64", "Red Hat Hardened Images:krb5-main@src", "Red Hat Hardened Images:krb5-main@x86_64" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read" } ] }