Описание
ELSA-2025-8411: krb5 security update (MODERATE)
[1.18.2-32.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.18.2-32]
- Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-86786
- Don't issue RC4 session keys by default (CVE-2025-3576) Resolves: RHEL-88049
- Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-82648
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
krb5-devel
1.18.2-32.0.1.el8_10
krb5-libs
1.18.2-32.0.1.el8_10
krb5-pkinit
1.18.2-32.0.1.el8_10
krb5-server
1.18.2-32.0.1.el8_10
krb5-server-ldap
1.18.2-32.0.1.el8_10
krb5-workstation
1.18.2-32.0.1.el8_10
libkadm5
1.18.2-32.0.1.el8_10
Oracle Linux x86_64
krb5-devel
1.18.2-32.0.1.el8_10
krb5-libs
1.18.2-32.0.1.el8_10
krb5-pkinit
1.18.2-32.0.1.el8_10
krb5-server
1.18.2-32.0.1.el8_10
krb5-server-ldap
1.18.2-32.0.1.el8_10
krb5-workstation
1.18.2-32.0.1.el8_10
libkadm5
1.18.2-32.0.1.el8_10
Связанные CVE
Связанные уязвимости
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-prote ...
