In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.

A flaw was found in krb5. With incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file. This issue can trigger a process crash and lead to a denial of service.

[Prevent overflow when calculating ulog block size]

Security update for crypto-policies, krb5

Security update for krb5

Moderate: krb5 security update

ELSA-2025-7067: krb5 security update (MODERATE)

ELSA-2025-2722: krb5 security update (MODERATE)

ELSA-2025-1352: krb5 security update (MODERATE)