Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-9430

Опубликовано: 24 июн. 2025
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2025-9430: krb5 security update (MODERATE)

[1.21.1-8.0.1]

  • Fixed race condition in krb5_set_password() [Orabug: 33609767]

[1.21.1-9]

  • Do not block HMAC-MD4/5 in FIPS mode Resolves: RHEL-88704
  • Don't issue RC4 session keys by default (CVE-2025-3576) Resolves: RHEL-88048
  • Add PKINIT paChecksum2 from MS-PKCA v20230920 Resolves: RHEL-82647

[1.21.1-7]

  • Add dedicated tests sub-package

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

krb5-devel

1.21.1-8.0.1.el9_6

krb5-libs

1.21.1-8.0.1.el9_6

krb5-pkinit

1.21.1-8.0.1.el9_6

krb5-server

1.21.1-8.0.1.el9_6

krb5-server-ldap

1.21.1-8.0.1.el9_6

krb5-workstation

1.21.1-8.0.1.el9_6

libkadm5

1.21.1-8.0.1.el9_6

Oracle Linux x86_64

krb5-devel

1.21.1-8.0.1.el9_6

krb5-libs

1.21.1-8.0.1.el9_6

krb5-pkinit

1.21.1-8.0.1.el9_6

krb5-server

1.21.1-8.0.1.el9_6

krb5-server-ldap

1.21.1-8.0.1.el9_6

krb5-workstation

1.21.1-8.0.1.el9_6

libkadm5

1.21.1-8.0.1.el9_6

Связанные CVE

CVE-2025-3576

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2025-3576

CVSS3: 5.9
ubuntu
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

redhat логотип

CVE-2025-3576

CVSS3: 5.9
redhat
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

nvd логотип

CVE-2025-3576

CVSS3: 5.9
nvd
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.

debian логотип

CVE-2025-3576

CVSS3: 5.9
debian
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-prote ...

github логотип

GHSA-rfh5-gx7w-h7v7

CVSS3: 5.9
github
4 месяца назад

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.