[ubuntu/noble-security] krb5 1.20.1-6ubuntu2.6 (Accepted)
Hlib Korzhynskyy
hlib.korzhynskyy at canonical.com
Wed May 28 13:13:35 UTC 2025
krb5 (1.20.1-6ubuntu2.6) noble-security; urgency=medium
* SECURITY UPDATE: Use of weak cryptographic hash.
- debian/patches/CVE-2025-3576.patch: Add allow_des3 and allow_rc4 options.
Disallow usage of des3 and rc4 unless allowed in the config. Replace
warn_des3 with warn_deprecated in ./src/lib/krb5/krb/get_in_tkt.c. Add
allow_des3 and allow_rc4 boolean in ./src/include/k5-int.h. Prevent usage
of deprecated enctypes in ./src/kdc/kdc_util.c.
- debian/patches/CVE-2025-3576-post1.patch: Add enctype comparison with
ENCTYPE_AES256_CTS_HMAC_SHA1_96 in ./src/kdc/kdc_util.c.
- CVE-2025-3576
Date: 2025-05-20 16:36:24.662792+00:00
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.6
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list