-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6129-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 10, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : munge CVE ID : CVE-2026-25506 Titouan Lazard discovered a buffer overflow vulnerability in munge, an authentication service to create and validate credentials, which may allow local users to leak the MUNGE cryptographic key and forge arbitrary credentials. Additional details can be found in the upstream advisory: https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh For the oldstable distribution (bookworm), this problem has been fixed in version 0.5.15-2+deb12u1. For the stable distribution (trixie), this problem has been fixed in version 0.5.16-1.1~deb13u1. We recommend that you upgrade your munge packages. For the detailed security status of munge please refer to its security tracker page at: https://security-tracker.debian.org/tracker/munge Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmmLduxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ShSQ/9H2GyrCv0nULxsbrJ2lLuxqCd0DkIE12Ls+MgtVJueYDKWwa0KZKqLg2Q 8y23GS6KmznM0/NAOaGH9tTulbYPHyu5IM6XTpafE5RIQ+qD/twxv6VJOOhiiQdy aIfvK1x0nPAzV4N86+5Y3QdL2R4lNWJqXrsJ6Q9yCHF2/e7xKhHHinhDZy3cyhYG cBhQBc4Ae2WZx2vqUSxlL4BoOIi/0Dcj9hnoq7q25rpryx+CYRmQ4w2okPdS0IqL OU+51RCw6QVVINPaJETHgeZHsVc/0ZWrzZK+FlcvzDhLpwPxdqWjVR6O6bdQGk23 jtWnlyiAS0hLOigzEpyYH/EltRGDYNlsgmwja+FLFD8ImLYAVzF8OHT08egKXqsi fvc463zEcEtiZs2ZyLgwd3uEnavcZd/ZRklEhU6ujkVEzzKFJtpocyFZXDUUGRvJ Dep30mjNdtdK9sqJ5nD5H8Tj95gt7iV4pnmguiej7k/Pa9Azym4aduAU5u9ydn36 Be+R2bs+9Jc0lDUxNUYahAZvbqMXJzKuvMzsjYNEsVg8cbcn9WaX7OPwiH7wqFtd m7VmF7KzhluitpOtTIlRimrt7q/wdyfu3cXD8FNNFJ/7WJ0Y+kktx/HOerkGOvZh t33jKtNp1Z5ujR1vGVxWgFASM0Tc2XQPBErZyMSm67C3pa4JSwg= =iY2J -----END PGP SIGNATURE-----
