krb5-1.18.2-34.el8_10
Errata ID: AXSA:2026-613:03
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356)
* krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (CVE-2026-40355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-40355
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.
CVE-2026-40356
In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.
Update packages.
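Both CVEs above depend on a mechanism being registered in /etc/gss/mech and on the installed krb5 build. The following host triage script is an added example, not part of the advisory: it lists the registered mechanism entries and compares the installed krb5-libs build with the fixed build named here. It assumes MIT krb5's documented mech file layout (name, OID, module path per line), also reads /etc/gss/mech.d/*.conf, and cannot tell from the file alone whether a listed module implements NegoEx; the function names are illustrative.

```shell
#!/bin/sh
# Added triage example, not part of the advisory.
FIXED_VR="1.18.2-34.el8_10"   # fixed build named in this advisory

# Print "name oid module" for each mechanism entry in one GSS mech file.
# Entries are whitespace-separated; lines starting with '#' are comments.
list_mechs() {
    [ -r "$1" ] || return 0
    awk '!/^[[:space:]]*#/ && NF >= 3 { print $1, $2, $3 }' "$1"
}

# Succeed if version-release $1 sorts at or above the fixed build.
# sort -V only approximates RPM ordering; adequate for same-stream builds.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# Report the two exposure inputs for this host: registered mechanisms
# and the installed krb5-libs build. $1 overrides the config directory.
triage() {
    dir=${1:-/etc/gss}
    for f in "$dir/mech" "$dir"/mech.d/*.conf; do
        list_mechs "$f" | sed "s|^|mechanism ($f): |"
    done
    if command -v rpm >/dev/null 2>&1 &&
       vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' krb5-libs 2>/dev/null); then
        vr=$(printf '%s\n' "$vr" | head -n 1)   # multilib hosts list two arches
        if is_fixed "$vr"; then
            echo "krb5-libs $vr: at or above $FIXED_VR"
        else
            echo "krb5-libs $vr: older than $FIXED_VR, update needed"
        fi
    else
        echo "krb5-libs: not installed or rpm unavailable"
    fi
    return 0
}

triage "$@"
```

Any mechanism line it prints should be checked against the module vendor's documentation to see whether it is a NegoEx mechanism; long-running services that load libgssapi need a restart after the update.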
N/A
SRPMS
- krb5-1.18.2-34.el8_10.src.rpm
MD5: 9e5974f077bf279143cdde08cd114d1a
SHA-256: b4a8434e7b39b10028a38702c2b27f365ff48fe7da3148d9026f329821aad4ab
Size: 9.92 MB
Asianux Server 8 for x86_64
- krb5-devel-1.18.2-34.el8_10.i686.rpm
MD5: 496b9ee36e209c89e2bec226d11d29ac
SHA-256: db337aad6c4e42469e82ae7b6d3a844fe1d47caab844d695c3167932251b3f5d
Size: 562.12 kB
- krb5-devel-1.18.2-34.el8_10.x86_64.rpm
MD5: 3fc9c6487460492662bda3e90dca7e9d
SHA-256: 475ac57ad47bce3e6226f91b7d3422e99dc3a449e3a955406030e00c062a2bb4
Size: 562.43 kB
- krb5-libs-1.18.2-34.el8_10.i686.rpm
MD5: 4c41b41720fc281601396b278f535bf7
SHA-256: 19db938ba7537ae07dd59e9beaf493c4fe3580570e5296af71b3ea9924d04d3d
Size: 910.02 kB
- krb5-libs-1.18.2-34.el8_10.x86_64.rpm
MD5: 45ad256060451073551fae9b96553776
SHA-256: 33f9d7158371dc1c9bc290b2cc9ee22a2a4534ae465c02981cca29190f221674
Size: 843.57 kB
- krb5-pkinit-1.18.2-34.el8_10.i686.rpm
MD5: 2c9002beb24cecd394d4bf3ed81a44ef
SHA-256: 6030dd7fac57bbe06b07bf3635acff4bfd1a22839cc3f9590fccc48a64cc0312
Size: 180.45 kB
- krb5-pkinit-1.18.2-34.el8_10.x86_64.rpm
MD5: 5512f41f64c60a7dde93d1fec25527c8
SHA-256: 3141c035c9bd69c9dbbb3918a5c037c7646d1c26044ee61785d9418a13208860
Size: 175.29 kB
- krb5-server-1.18.2-34.el8_10.i686.rpm
MD5: 2eb5bc714d8bc2a1826200a3c8adb712
SHA-256: b1921e968a92594d4438df2f3ca8fd794e47fdbcc8cb747624194aac0dd6c3d3
Size: 1.09 MB
- krb5-server-1.18.2-34.el8_10.x86_64.rpm
MD5: 985f560b8b0fe914876182c12831cc93
SHA-256: 57791861e1eeec59c0c70758842a4d860c0ab8d7f936d443b9c2a21a32d60ef6
Size: 1.07 MB
- krb5-server-ldap-1.18.2-34.el8_10.i686.rpm
MD5: 694331a9ae7259ad4c6882a25a4608e2
SHA-256: d922af070963f0035f925081ec7da1cd7a260a23a705968d2cfb8e3ebf416f87
Size: 212.49 kB
- krb5-server-ldap-1.18.2-34.el8_10.x86_64.rpm
MD5: bf14305b8e21072b33ec8fcb7f4da5bf
SHA-256: ad04a38281879f087d1e28fb9f4e0f82f932750ff6a56c19b33462c8520f83d9
Size: 206.81 kB
- krb5-workstation-1.18.2-34.el8_10.x86_64.rpm
MD5: 84ce3f9e4e921c3a049789c26cf0611d
SHA-256: 4ab36ec6092fab6b6ee0f8fb491849d9ea70f6eab13d3e0068ea576d54450562
Size: 959.00 kB
- libkadm5-1.18.2-34.el8_10.i686.rpm
MD5: e283ee965d8596b17596d062f0a6b6cb
SHA-256: 4838a9e7b4d757383300b1c3f930598570375bf28d169220ff18f3661b21ca3f
Size: 192.70 kB
- libkadm5-1.18.2-34.el8_10.x86_64.rpm
MD5: 21ce39834af8fd64bff5a742a95bc825
SHA-256: 7407eaca2e3416af0939b26b43c698c933dbd208d453149bbd11c24ef999daa9
Size: 188.33 kB