-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4477-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz February 10, 2026 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : munge Version : 0.5.14-4+deb11u1 CVE ID : CVE-2026-25506 Titouan Lazard discovered a buffer overflow vulnerability in munge, an authentication service to create and validate credentials, which may allow local users to leak the MUNGE cryptographic key and forge arbitrary credentials. Additional details can be found in the upstream advisory: https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh For Debian 11 bullseye, this problem has been fixed in version 0.5.14-4+deb11u1. We recommend that you upgrade your munge packages. For the detailed security status of munge please refer to its security tracker page at: https://security-tracker.debian.org/tracker/munge Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmmLfJNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEcl/g/9ENBv8qBPEM45IKBL9na5VsaZzjxQzb7RqcRarfZv+FP6tKwTSZiG4etl 6uJKdsO3rZ3n+9dty/ZatZDOcZS1qWNK8+r/Kta6JFqTuhrXEvtjhQpw/qkyScjx 0oD+37fkKoXSfaFUhZ8MGt2gNUB+fmSdME27zqfm1wkQNLEB+YPLTqyihubIHXiN QN05hY02Sg/fBkP9plS/D1kiI117P4i/k64o+UpZoqN6X0yDI5cNarky13vjs5BH GlsTussVNXd6yhqvnEY3E0wD2x13LAHJKNMx5JMVdImvyIykaCRGhKKABZOoS9d4 /mftjFvaH5VwtL6jzfSE1eBH0oaOAlezpRfZmz0IrZTM6XgizusNxi/XSmLEUnKc ClHRXRutJIqvUgvhypZvCs4XyKiU7lbcw8ePVUQb8OMk1U2AB5+RFu6qVjY4+xRe SbAYH63oUOaNnulLeOcv0iFfwSckDJqrpoxf10kVh4uIFCQqWw0Nb0dwnG9tYoEK ayHNCjkoBjyH+D791ms5+g8Ajlx6dZzMjrLZeDyP0eKb4wy+QD/Cp9KSn273goft IqpTYsGP1lRdB7mX46VFxH48vo5EQ63WpJLk5OXhxhfgjsBmQb0O3Azh/BSb4y6E jo81UGnmyeNcSOHooybTtuqOh3Fwb1AXh33bxNAw3Lqqmjnz+TA= =fCk3 -----END PGP SIGNATURE-----
