[ubuntu/focal-security] krb5 1.17-6ubuntu4.11 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Wed May 28 13:13:36 UTC 2025
krb5 (1.17-6ubuntu4.11) focal-security; urgency=medium
* SECURITY UPDATE: Use of weak cryptographic hash.
- debian/patches/CVE-2025-3576*.patch: Add allow_des3 and allow_rc4 options.
Disallow usage of des3 and rc4 unless allowed in the config. Replace
warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
of deprecated enctypes in ./src/kdc/kdc_util.c.
- debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
- debian/libk5crypto3.symbols: Add krb5int_c_deprecated_enctype symbol.
- CVE-2025-3576
Date: 2025-05-20 19:45:30.807752+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.11
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list