ALSA-2026:19145

See a problem?

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json

JSON Data

https://api.osv.dev/v1/vulns/ALSA-2026:19145

Related

CVE-2026-40355
CVE-2026-40356

Published

2026-05-19T00:00:00Z

Modified

2026-05-26T16:59:29.199263841Z

Summary

Important: krb5 security update

Details

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).

Security Fix(es):

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356)
krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (CVE-2026-40355)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Affected packages

AlmaLinux:10

krb5-devel

Package

Name: krb5-devel
Purl: pkg:rpm/almalinux/krb5-devel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

krb5-libs

Package

Name: krb5-libs
Purl: pkg:rpm/almalinux/krb5-libs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

krb5-pkinit

Package

Name: krb5-pkinit
Purl: pkg:rpm/almalinux/krb5-pkinit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

krb5-server

Package

Name: krb5-server
Purl: pkg:rpm/almalinux/krb5-server

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

krb5-server-ldap

Package

Name: krb5-server-ldap
Purl: pkg:rpm/almalinux/krb5-server-ldap

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

krb5-workstation

Package

Name: krb5-workstation
Purl: pkg:rpm/almalinux/krb5-workstation

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

krb5-xrealmauthz

Package

Name: krb5-xrealmauthz
Purl: pkg:rpm/almalinux/krb5-xrealmauthz

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"

libkadm5

Package

Name: libkadm5
Purl: pkg:rpm/almalinux/libkadm5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.21.3-10.el10_2

Database specific

source

"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:19145.json"