FYI, (which others probably already know). Munge needs to be updated on the slurmctld node(s) before being updated on the slurmd nodes in my limited testing. Similar to how slurm is updated. Updating munge on a slurmd node before the slurmctld caused errors on the slurmd node for the one instance I did that.
--- Sean McGrath
Systems Administrator Research IT IT Services Trinity College Dublin
00 353 - (0)1 896 3725 https://www.tcd.ie/itservices/ https://www.tchpc.tcd.ie/http://www.tchpc.tcd.ie/ ________________________________ From: Ole Holm Nielsen via slurm-users slurm-users@lists.schedmd.com Sent: Tuesday 10 February 2026 20:59 To: slurm-users@lists.schedmd.com slurm-users@lists.schedmd.com Subject: [slurm-users] Re: MUNGE security issue (CVE-2026-25506)
[External Email] This email originated outside of Trinity College Dublin. Do not click links or open attachments unless you recognise the sender and know the content is safe.
On 2/10/2026 7:04 PM, Tim Wickberg via slurm-users wrote:
MUNGE just announced a serious security issue as CVE-2026-25506:
Just a small note on Munge [1] for those of you with RPM-based systems:
Build Munge 0.5.18 RPM packages by:
wget https://github.com/dun/munge/releases/download/munge-0.5.18/munge-0.5.18.tar...
rpmbuild -ta munge-0.5.18.tar.xz
and install the packages from the directory ~/rpmbuild/RPMS/x86_64/ (or whatever your architecture is).
Best regards, Ole
[1] https://github.com/dun/munge/releases -- Ole Holm Nielsen PhD, Senior HPC Officer Department of Physics, Technical University of Denmark
-- slurm-users mailing list -- slurm-users@lists.schedmd.com To unsubscribe send an email to slurm-users-leave@lists.schedmd.com