Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Munge Important Buffer Overflow Threat Update 2026-0448-1

suse
Calendar Grey February 11, 2026
Dist Suse Esm H88
Critical update for munge addresses buffer overflow and local escalation risks in SUSE using patch methods like zypper.
An update that solves one vulnerability and has one security fix can now be installed.

Summary

## This update for munge fixes the following issues: * CVE-2026-25506: buffer overflow in message unpacking (bsc#1257651). * Make `logrotate` work on log as user `munge` to prevent local privilege escalation (bsc#1246088). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * HPC Module 12 zypper in -t patch SUSE-SLE-Module-HPC-12-2026-448=1 ## Package List: * HPC Module 12 (aarch64 x86_64) * munge-debuginfo-0.5.14-3.11.1 * munge-0.5.14-3.11.1 * libmunge2-0.5.14-3.11.1 * munge-debugsource-0.5.14-3.11.1 * munge-devel-0.5.14-3.11.1 * libmunge2-debuginfo-0.5.14-3.11.1

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important application privacy escalation

References

* bsc#1246088

* bsc#1257651

Cross-

* CVE-2026-25506

CVSS scores:

* CVE-2026-25506 ( SUSE ): 7.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

* CVE-2026-25506 ( NVD ): 7.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L

Affected Products:

* HPC Module 12

* SUSE Linux Enterprise High Performance Computing 12 SP2

* SUSE Linux Enterprise High Performance Computing 12 SP3

* SUSE Linux Enterprise High Performance Computing 12 SP4

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP2

* SUSE Linux Enterprise Server 12 SP3

* SUSE Linux Enterprise Server 12 SP4

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP2

* SUSE Linux Enterprise Server for SAP Applications 12 SP3

* SUSE Linux Enterprise Server for SAP Applications 12 SP4

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0448-1
Release Date: 2026-02-11T14:51:56Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important application privacy escalation

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here