Red Hat Product Errata RHSA-2026:19357 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19357 - Security Advisory Overview Updated Packages Synopsis Important: krb5 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es): krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read (CVE-2026-40356) krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism (CVE-2026-40355) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2463368 - CVE-2026-40356 krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read BZ - 2463370 - CVE-2026-40355 krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism CVEs CVE-2026-40355 CVE-2026-40356 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM krb5-1.21.1-10.el9_8.src.rpm SHA-256: b22a66515c98c14a4969a403d5419b9f9bab50015553863de866d3f45fd6d922 x86_64 krb5-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: a758fc3319984bcda1512747e7ab6f4b6044dc911461f4f132aaff778595aac4 krb5-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: a758fc3319984bcda1512747e7ab6f4b6044dc911461f4f132aaff778595aac4 krb5-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 07cd22c6054c5f957493dc75602da98f580adc609218fe59e6a9ddca0977a7ff krb5-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 07cd22c6054c5f957493dc75602da98f580adc609218fe59e6a9ddca0977a7ff krb5-debugsource-1.21.1-10.el9_8.i686.rpm SHA-256: 1a9a208052d37f30522468d43ba82ab395e704aab0752f3ca20e4034c1323fb4 krb5-debugsource-1.21.1-10.el9_8.i686.rpm SHA-256: 1a9a208052d37f30522468d43ba82ab395e704aab0752f3ca20e4034c1323fb4 krb5-debugsource-1.21.1-10.el9_8.x86_64.rpm SHA-256: ec086db4a12de4156a436cab5e247c016990779448d669df5e8f672dd6f7676f krb5-debugsource-1.21.1-10.el9_8.x86_64.rpm SHA-256: ec086db4a12de4156a436cab5e247c016990779448d669df5e8f672dd6f7676f krb5-devel-1.21.1-10.el9_8.i686.rpm SHA-256: bc7f0f572ed2df43e0afeb370a8bdf544b02c119384558c51c0006f9fb8cd67c krb5-devel-1.21.1-10.el9_8.x86_64.rpm SHA-256: 7ba9b36033f06d4864ee66956a417fc93ade29bc0c7a0d65291d24f0b26597bc krb5-libs-1.21.1-10.el9_8.i686.rpm SHA-256: 05bad9ddfa682e4e7e21f3f7601e9978d381ffbd81f8387d9c5966c4b47c17ce krb5-libs-1.21.1-10.el9_8.x86_64.rpm SHA-256: 8906be9f2d414c5f4e1218db0c94955c2b3394b43a04b7dbcc2ef66c4340ebc6 krb5-libs-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 7ac137ed34f1dda60314a8a6d4f4710f215c1103421ab6d8224c521194dc908a krb5-libs-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 7ac137ed34f1dda60314a8a6d4f4710f215c1103421ab6d8224c521194dc908a krb5-libs-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: e62dc0bede7ebfa583ee55ef94686dc27d39c9fd072144019e8fe48f537ec357 krb5-libs-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: e62dc0bede7ebfa583ee55ef94686dc27d39c9fd072144019e8fe48f537ec357 krb5-pkinit-1.21.1-10.el9_8.i686.rpm SHA-256: 4230af1471ec239096d748fb5ed8d96244966d71511a79c95bafaffe03806be3 krb5-pkinit-1.21.1-10.el9_8.x86_64.rpm SHA-256: 7850cd9a2e64a956dfd8dc646dbb88ac21ff7a367b29cc758585c4101ac40c4f krb5-pkinit-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 27a1d7184d13059280eb059af945a0bdfcdee37a184fb41a607701de64585606 krb5-pkinit-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 27a1d7184d13059280eb059af945a0bdfcdee37a184fb41a607701de64585606 krb5-pkinit-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: ab1a62c1f0defc0cd57c8df381a9be905515921f137425c98a6853c08f2d3da2 krb5-pkinit-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: ab1a62c1f0defc0cd57c8df381a9be905515921f137425c98a6853c08f2d3da2 krb5-server-1.21.1-10.el9_8.i686.rpm SHA-256: 823827b4ef2cc6bdc856de8c53b95027151be9822285b4c85114c8c5b0b28973 krb5-server-1.21.1-10.el9_8.x86_64.rpm SHA-256: ad46a9930ce64ba7222a64933fa143bdc2bfdb8285216859993dafb6e8b4de9f krb5-server-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: a721dd414dcd3996d07b33054e3eb27cda3d27eb74db34d4a91d6e1871fc8f3d krb5-server-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: a721dd414dcd3996d07b33054e3eb27cda3d27eb74db34d4a91d6e1871fc8f3d krb5-server-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 8e06d576f48e08a6b677a15828291c9bc437ece617b114dd8feff30cac091f41 krb5-server-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 8e06d576f48e08a6b677a15828291c9bc437ece617b114dd8feff30cac091f41 krb5-server-ldap-1.21.1-10.el9_8.i686.rpm SHA-256: 4242809f0a178cdfed92b872cfc688200f1adfe43d603694d8ad271e5c6b6b7e krb5-server-ldap-1.21.1-10.el9_8.x86_64.rpm SHA-256: 700577d6c06071f7556075f5e0fd678f0c779e17bfc965576d539ae152eb1442 krb5-server-ldap-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 5a4446556b0e6b9b09199b6473a53e1aa151d9a73f83575055a1ec928511c6f8 krb5-server-ldap-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 5a4446556b0e6b9b09199b6473a53e1aa151d9a73f83575055a1ec928511c6f8 krb5-server-ldap-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 9fad8246b225dd2988bffc2bef12760ea358dd0e08c359ca2adadb5935667765 krb5-server-ldap-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 9fad8246b225dd2988bffc2bef12760ea358dd0e08c359ca2adadb5935667765 krb5-workstation-1.21.1-10.el9_8.x86_64.rpm SHA-256: fb5a1c792d72c980e39684a676336d899e79ff5c579c923426a4cbd8cf610e70 krb5-workstation-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 4c984cab0d7f1d4c456c447fe06c203525d122d505b7a80c698bf434a74d9782 krb5-workstation-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 4c984cab0d7f1d4c456c447fe06c203525d122d505b7a80c698bf434a74d9782 krb5-workstation-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 549478e7c150367a8fed1c1e21b0565499667f1ad118b8f61676ad7b099022e3 krb5-workstation-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 549478e7c150367a8fed1c1e21b0565499667f1ad118b8f61676ad7b099022e3 krb5-xrealmauthz-1.21.1-10.el9_8.i686.rpm SHA-256: 6832cb85015909bdbc25f66461577bddf72a0226596d6c0abe1c577842f00dfd krb5-xrealmauthz-1.21.1-10.el9_8.x86_64.rpm SHA-256: a7069eb92e448a16d6ecf92420daa3de781789295973a066fdef07c3cebb9857 krb5-xrealmauthz-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 7896780506d099c358c9eb4e3c389123ef5430f5fb13cdb6bcea1c44ecd8b89e krb5-xrealmauthz-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 7896780506d099c358c9eb4e3c389123ef5430f5fb13cdb6bcea1c44ecd8b89e krb5-xrealmauthz-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 8b6387e6118518693b333ba327935a909fe649a4acb95bf743a8a920e6bd10ed krb5-xrealmauthz-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 8b6387e6118518693b333ba327935a909fe649a4acb95bf743a8a920e6bd10ed libkadm5-1.21.1-10.el9_8.i686.rpm SHA-256: 138da7e4416171d4f5e473504561e1b4f1c2b1cb1d4b06625ff33af1de995477 libkadm5-1.21.1-10.el9_8.x86_64.rpm SHA-256: 789897755fd1c2f6189f13f7ae4cf0a860f3ab21b018eb4054f19a9a3ad4456f libkadm5-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 03fc271d8840ecae4397cb98c7a443b5df5d1a042562172cfb8d3d960ac7f7fd libkadm5-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: 03fc271d8840ecae4397cb98c7a443b5df5d1a042562172cfb8d3d960ac7f7fd libkadm5-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: db238db02aa3fa273d4cd034c36678c77ec1615340efa08e49eb725c0684c2c3 libkadm5-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: db238db02aa3fa273d4cd034c36678c77ec1615340efa08e49eb725c0684c2c3 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 SRPM krb5-1.21.1-10.el9_8.src.rpm SHA-256: b22a66515c98c14a4969a403d5419b9f9bab50015553863de866d3f45fd6d922 x86_64 krb5-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: a758fc3319984bcda1512747e7ab6f4b6044dc911461f4f132aaff778595aac4 krb5-debuginfo-1.21.1-10.el9_8.i686.rpm SHA-256: a758fc3319984bcda1512747e7ab6f4b6044dc911461f4f132aaff778595aac4 krb5-debuginfo-1.21.1-10.el9_8.x86_64.rpm SHA-256: 07cd22c6054c5f957493dc75602da98f580adc609218fe59e6a9ddca0977a7ff krb5-