File _patchinfo of Package patchinfo.40601

<patchinfo incident="40601">
  <issue tracker="cve" id="2025-3576"/>
  <issue tracker="bnc" id="1241219">VUL-0: CVE-2025-3576: krb5: krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions</issue>
  <packager>npower</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for krb5</summary>
  <description>This update for krb5 fixes the following issues:

- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
  RC4-HMAC-MD5 (bsc#1241219).

Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic
standards.

To avoid problems with those, SUSE has by default now disabled those alorithms.

The following algorithms have been removed from valid krb5 enctypes:

- des3-cbc-sha1
- arcfour-hmac-md5

To reenable those algorithms, you can use allow options in `krb5.conf`:

```
[libdefaults]
allow_des3 = true
allow_rc4 = true
```
</description>
</patchinfo>
Places

File _patchinfo of Package patchinfo.40601

Places
