[CLSA-2026:1782979178] krb5: Fix of 2 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-07-02 07:59:55 UTC
Description:
- CVE-2026-40355: fix null pointer dereference in NegoEx parse_nego_message() - CVE-2026-40356: fix read overrun in NegoEx parse_message() via short header_len
Updated packages:
  • krb5-devel-1.20.1-9.el9_2.tuxcare.els9.i686.rpm
    sha:91b28ca20cbf7319f8d982cc6f1a9cf6b28c867e1c754b29ef89d4534ab291ab
  • krb5-devel-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:9e87a3a24e1a5fb71b4bbf5f4991681f5aa52b0dcc407c2e6d22c18f8429da35
  • krb5-libs-1.20.1-9.el9_2.tuxcare.els9.i686.rpm
    sha:9558ebd495ab680a5bd8d538db667641aab2b8ea2f2ed2ce1750cabfa5e25595
  • krb5-libs-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:796dad34a0bcb6fb8fac97f2486d4a35bc7cd52ce045b418005627b1152e248d
  • krb5-pkinit-1.20.1-9.el9_2.tuxcare.els9.i686.rpm
    sha:ae6586a02825376a0ee3be5c4f2ac6656b096a6779a92d0486efebd61564b4f2
  • krb5-pkinit-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:c7efeaced106e3c99b401e72aa5cd8f186ddf9d7f5214b604aba193743b97daf
  • krb5-server-1.20.1-9.el9_2.tuxcare.els9.i686.rpm
    sha:6b8a26f384df053c94db4a26148828791adcfeea427119915c4d52f91246825b
  • krb5-server-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:08cd2998dcab91eab48fe8d3970a5e0b981b57be1751af070ed1a726ecb3dad5
  • krb5-server-ldap-1.20.1-9.el9_2.tuxcare.els9.i686.rpm
    sha:feb5e9c0447d617b2ce00935d16c3beb8ec20f6329b5965ee3ecb1a768999d96
  • krb5-server-ldap-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:a03b08b821c7ca4381bfa8f1d20b8cad898b1d35e4d15fa5ffc1851b64c63cf6
  • krb5-workstation-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:9f33848759f9d7b8c0a13b4bb46263889fe03b661e3918c21e45bc8b39ad7bd8
  • libkadm5-1.20.1-9.el9_2.tuxcare.els9.i686.rpm
    sha:b03e172abea5bc56b1e1fa0f75929eb6bbc68f1746b2a2d037e82b9c2f5e5b77
  • libkadm5-1.20.1-9.el9_2.tuxcare.els9.x86_64.rpm
    sha:0bdd64b73573320b84bd50525ba650f1d8f71e566c1cf0521c18656d12e473cb
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.