Описание
ELSA-2025-9418: krb5 security update (MODERATE)
[1.21.3-8.0.1]
- Fixed race condition in krb5_set_password() [Orabug: 33609767]
[1.21.3-8]
- Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-88705
- Don't issue RC4 session keys by default (CVE-2025-3576) Resolves: RHEL-88047
- Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-74295
Обновленные пакеты
Oracle Linux 10
Oracle Linux aarch64
krb5-devel
1.21.3-8.0.1.el10_0
krb5-libs
1.21.3-8.0.1.el10_0
krb5-pkinit
1.21.3-8.0.1.el10_0
krb5-server
1.21.3-8.0.1.el10_0
krb5-server-ldap
1.21.3-8.0.1.el10_0
krb5-workstation
1.21.3-8.0.1.el10_0
libkadm5
1.21.3-8.0.1.el10_0
Oracle Linux x86_64
krb5-devel
1.21.3-8.0.1.el10_0
krb5-libs
1.21.3-8.0.1.el10_0
krb5-pkinit
1.21.3-8.0.1.el10_0
krb5-server
1.21.3-8.0.1.el10_0
krb5-server-ldap
1.21.3-8.0.1.el10_0
krb5-workstation
1.21.3-8.0.1.el10_0
libkadm5
1.21.3-8.0.1.el10_0
Связанные CVE
Связанные уязвимости
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
A vulnerability in the MIT Kerberos implementation allows GSSAPI-prote ...
