SUSE-SU-2025:0401-1

Опубликовано: 10 фев. 2025

Источник: suse-cvrf

Описание

Security update for crypto-policies, krb5

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619).

Feature addition:

Add crypto-policies support; (jsc#PED-12018)
- The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its.
Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018);
- This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

Список пакетов

Container bci/bci-base-fips:15.7

crypto-policies-20230920.570ea89-150600.3.3.1

crypto-policies-scripts-20230920.570ea89-150600.3.3.1

Container bci/bci-base-fips:latest

crypto-policies-20230920.570ea89-150600.3.3.1

crypto-policies-scripts-20230920.570ea89-150600.3.3.1

Container bci/bci-init:15.7

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/bci-init:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/bci-sle15-kernel-module-devel:15.7

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/bci-sle15-kernel-module-devel:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/dotnet-aspnet:8.0

crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/dotnet-aspnet:latest

crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/dotnet-runtime:8.0

crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/dotnet-runtime:latest

crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/dotnet-sdk:8.0

crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/dotnet-sdk:latest

crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/gcc:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/golang:1.22-openssl

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/golang:1.23

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/golang:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/kiwi:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/node:22

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/nodejs:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/openjdk-devel:17

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/openjdk-devel:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/openjdk:17

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/openjdk:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/php-apache:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/php-fpm:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/php:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/python:3

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/python:3.13

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/python:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/ruby:3

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/ruby:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/rust:1.84

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/rust:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/spack:0.23

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container bci/spack:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:10.1-openjdk11

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:10.1-openjdk17

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:10.1-openjdk21

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:9-openjdk11

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:9-openjdk17

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:9-openjdk21

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/apache-tomcat:9-openjdk8

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/milvus:2.4

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/ollama:0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/open-webui:0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/python:3.11

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/python:3.9

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/pytorch:2-nvidia

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container containers/pytorch:2.5.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/389-ds:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Container suse/git:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/helm:latest

crypto-policies-20230920.570ea89-150600.3.3.1

Container suse/hpc/warewulf4-x86_64/sle-hpc-node:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/manager/5.0/x86_64/server-attestation:latest

crypto-policies-20230920.570ea89-150600.3.3.1

Container suse/manager/5.0/x86_64/server:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/mariadb-client:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/mariadb:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/nginx:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/pcp:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/postgres:16

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/postgres:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/registry:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/rmt-server:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sle15:15.6

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sle15:15.7

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-apiserver:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-cloner:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-controller:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-importer:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-operator:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-uploadproxy:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/cdi-uploadserver:1.58.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/libguestfs-tools:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-api:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-controller:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-exportproxy:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-exportserver:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-handler:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-launcher:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/sles/15.7/virt-operator:1.4.0

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Container suse/stunnel:latest

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-BYOS

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-BYOS-GCE

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-CHOST-BYOS

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6-CHOST-BYOS-Azure

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6-CHOST-BYOS-EC2

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6-CHOST-BYOS-GCE

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6-CHOST-BYOS-GDC

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6-CHOST-BYOS-SAP-CCloud

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image SLES15-SP6-GCE

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-Hardened-BYOS

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-Hardened-BYOS-GCE

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-SAP-BYOS

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image SLES15-SP6-SAP-BYOS-GCE

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

Image ai_15_6

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

Image python_15_6

crypto-policies-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP6

crypto-policies-20230920.570ea89-150600.3.3.1

crypto-policies-scripts-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-32bit-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

krb5-devel-1.20.1-150600.11.8.1

krb5-plugin-preauth-otp-1.20.1-150600.11.8.1

krb5-plugin-preauth-pkinit-1.20.1-150600.11.8.1

SUSE Linux Enterprise Module for Server Applications 15 SP6

krb5-plugin-kdb-ldap-1.20.1-150600.11.8.1

krb5-server-1.20.1-150600.11.8.1

openSUSE Leap 15.6

crypto-policies-20230920.570ea89-150600.3.3.1

crypto-policies-scripts-20230920.570ea89-150600.3.3.1

krb5-1.20.1-150600.11.8.1

krb5-32bit-1.20.1-150600.11.8.1

krb5-client-1.20.1-150600.11.8.1

krb5-devel-1.20.1-150600.11.8.1

krb5-devel-32bit-1.20.1-150600.11.8.1

krb5-plugin-kdb-ldap-1.20.1-150600.11.8.1

krb5-plugin-preauth-otp-1.20.1-150600.11.8.1

krb5-plugin-preauth-pkinit-1.20.1-150600.11.8.1

krb5-plugin-preauth-spake-1.20.1-150600.11.8.1

krb5-server-1.20.1-150600.11.8.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250401-1/
Link for SUSE-SU-2025:0401-1
https://lists.suse.com/pipermail/sle-security-updates/2025-February/020299.html
E-Mail link for SUSE-SU-2025:0401-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1236619
SUSE Bug 1236619
https://www.suse.com/security/cve/CVE-2025-24528/
SUSE CVE CVE-2025-24528 page

Описание

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Затронутые продукты

Container bci/bci-base-fips:15.7:crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/bci-base-fips:15.7:crypto-policies-scripts-20230920.570ea89-150600.3.3.1

Container bci/bci-base-fips:latest:crypto-policies-20230920.570ea89-150600.3.3.1

Container bci/bci-base-fips:latest:crypto-policies-scripts-20230920.570ea89-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-24528.html
CVE-2025-24528
https://bugzilla.suse.com/1236619
SUSE Bug 1236619