Overview

File _patchinfo of Package patchinfo.40603

<patchinfo incident="40603">
  <issue tracker="cve" id="2025-3576"/>
  <issue tracker="bnc" id="1241219">VUL-0: CVE-2025-3576: krb5: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions</issue>
  <packager>npower</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for krb5</summary>
  <description>This update for krb5 fixes the following issues:

- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
  RC4-HMAC-MD5 (bsc#1241219).

Krb5 as very old protocol supported quite a number of ciphers
that are not longer up to current cryptographic standards.

To avoid problems with those, SUSE has by default now disabled
those alorithms.

The following algorithms have been removed from valid krb5 enctypes:

- des3-cbc-sha1
- arcfour-hmac-md5

To reenable those algorithms, you can use allow options in krb5.conf:

[libdefaults]

allow_des3 = true
allow_rc4 = true

to reenable them.



</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places