Threats Tagged 'cve-2026-40356'
View all threats tagged with 'cve-2026-40356'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: krb5 security update
CVE-2026-40356
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
GCVE Database | 06/09/2026, 01:29:49 UTC | Added: 06/09/2026, 10:22:56 UTC

Red Hat Security Advisory: krb5 security update
CVE-2026-40355
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356)
* krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (CVE-2026-40355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
GCVE Database | 05/13/2026, 06:00:07 UTC | Added: 05/27/2026, 21:15:26 UTC

Red Hat Security Advisory: krb5 security update
CVE-2026-40355
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356)
* krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (CVE-2026-40355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
GCVE Database | 05/19/2026, 16:31:51 UTC | Added: 05/27/2026, 21:15:26 UTC

Red Hat Security Advisory: krb5 security update
CVE-2026-40355
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC).
Security Fix(es):
* krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356)
* krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (CVE-2026-40355)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
GCVE Database | 04/30/2026, 09:30:23 UTC | Added: 05/27/2026, 21:15:26 UTC

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
CVE-2025-6075
This update includes the following RPMs:
python3.13:
* python3.13-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-debug-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-devel-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-freethreading-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-freethreading-debug-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-idle-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-libs-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-test-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-tkinter-3.13.13-1.hum1 (aarch64, x86_64)
* python3.13-3.13.13-1.hum1.src (src)
GCVE Database | 05/27/2026, 07:45:38 UTC | Added: 05/27/2026, 21:15:15 UTC

Red Hat Security Advisory: Insights proxy Container Image
CVE-2025-14087
The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between customer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes all Red Hat Insights traffic through itself, providing a layer of privacy and security for disconnected customer systems.
GCVE Database | 06/02/2026, 18:37:55 UTC | Added: 05/26/2026, 20:58:38 UTC

CVE-2025-14087: Integer Overflow or Wraparound in GNOME glib
CVE-2025-14087
A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.
GCVE Database | 05/20/2026, 10:08:49 UTC | Added: 05/26/2026, 20:58:36 UTC

CVE-2026-40356: CWE-191 Integer Underflow (Wrap or Wraparound) in MIT Kerberos 5
CVE-2026-40356
CVE-2026-40356 is an integer underflow vulnerability in MIT Kerberos 5 versions before 1.22.3. It occurs when gss_accept_sec_context() is called on a system with a NegoEx mechanism registered, causing an out-of-bounds read. An unauthenticated remote attacker can trigger this, potentially causing the affected process to terminate unexpectedly. The vulnerability has a medium severity with a CVSS score of 5.9. No official patch or remediation guidance is currently available from the vendor. There are no known exploits in the wild at this time.
CVE Database V5 | 04/28/2026, 00:00:00 UTC | Added: 04/28/2026, 06:22:23 UTC

Showing 1 to 8 of 8 results