Security update for krb5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:0343-1 Final 1 1 2025-02-03T17:03:58Z current 2025-02-03T17:03:58Z 2025-02-03T17:03:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container suse/ltss/sle15.4/bci-base:latest-2025-343,Container suse/manager/4.3/proxy-httpd:latest-2025-343,Container suse/manager/4.3/proxy-salt-broker:latest-2025-343,Container suse/manager/4.3/proxy-squid:latest-2025-343,Container suse/manager/4.3/proxy-ssh:latest-2025-343,Container suse/manager/4.3/proxy-tftpd:latest-2025-343,Container suse/sle-micro-rancher/5.3:latest-2025-343,Container suse/sle-micro-rancher/5.4:latest-2025-343,Container suse/sle-micro/5.3/toolbox:latest-2025-343,Container suse/sle-micro/5.4/toolbox:latest-2025-343,Image SLES15-SP4-BYOS-2025-343,Image SLES15-SP4-BYOS-GCE-2025-343,Image SLES15-SP4-Hardened-BYOS-2025-343,Image SLES15-SP4-Hardened-BYOS-GCE-2025-343,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-2025-343,Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2-2025-343,Image SLES15-SP4-Micro-5-3-2025-343,Image SLES15-SP4-Micro-5-3-BYOS-2025-343,Image SLES15-SP4-Micro-5-3-BYOS-EC2-2025-343,Image SLES15-SP4-Micro-5-3-EC2-2025-343,Image SLES15-SP4-Micro-5-4-2025-343,Image SLES15-SP4-Micro-5-4-BYOS-2025-343,Image SLES15-SP4-Micro-5-4-BYOS-EC2-2025-343,Image SLES15-SP4-Micro-5-4-EC2-2025-343,Image SLES15-SP4-SAP-BYOS-2025-343,Image SLES15-SP4-SAP-BYOS-GCE-2025-343,Image SLES15-SP4-SAP-Hardened-BYOS-2025-343,Image SLES15-SP4-SAP-Hardened-BYOS-EC2-2025-343,SUSE-2025-343,SUSE-SLE-Micro-5.3-2025-343,SUSE-SLE-Micro-5.4-2025-343 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20250343-1/ Link for SUSE-SU-2025:0343-1 https://lists.suse.com/pipermail/sle-security-updates/2025-February/020265.html E-Mail link for SUSE-SU-2025:0343-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1236619 SUSE Bug 1236619 https://www.suse.com/security/cve/CVE-2025-24528/ SUSE CVE CVE-2025-24528 page Container suse/ltss/sle15.4/bci-base:latest Container suse/manager/4.3/proxy-httpd:latest Container suse/manager/4.3/proxy-salt-broker:latest Container suse/manager/4.3/proxy-squid:latest Container suse/manager/4.3/proxy-ssh:latest Container suse/manager/4.3/proxy-tftpd:latest Container suse/sle-micro-rancher/5.3:latest Container suse/sle-micro-rancher/5.4:latest Container suse/sle-micro/5.3/toolbox:latest Container suse/sle-micro/5.4/toolbox:latest Image SLES15-SP4-BYOS Image SLES15-SP4-BYOS-GCE Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-GCE Image SLES15-SP4-Manager-Proxy-4-3-BYOS Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 Image SLES15-SP4-Micro-5-3 Image SLES15-SP4-Micro-5-3-BYOS Image SLES15-SP4-Micro-5-3-BYOS-EC2 Image SLES15-SP4-Micro-5-3-EC2 Image SLES15-SP4-Micro-5-4 Image SLES15-SP4-Micro-5-4-BYOS Image SLES15-SP4-Micro-5-4-BYOS-EC2 Image SLES15-SP4-Micro-5-4-EC2 Image SLES15-SP4-SAP-BYOS Image SLES15-SP4-SAP-BYOS-GCE Image SLES15-SP4-SAP-Hardened-BYOS Image SLES15-SP4-SAP-Hardened-BYOS-EC2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 krb5-1.19.2-150400.3.15.1 krb5-client-1.19.2-150400.3.15.1 krb5-32bit-1.19.2-150400.3.15.1 krb5-64bit-1.19.2-150400.3.15.1 krb5-devel-1.19.2-150400.3.15.1 krb5-devel-32bit-1.19.2-150400.3.15.1 krb5-devel-64bit-1.19.2-150400.3.15.1 krb5-mini-1.19.2-150400.3.15.1 krb5-mini-devel-1.19.2-150400.3.15.1 krb5-plugin-kdb-ldap-1.19.2-150400.3.15.1 krb5-plugin-preauth-otp-1.19.2-150400.3.15.1 krb5-plugin-preauth-pkinit-1.19.2-150400.3.15.1 krb5-plugin-preauth-spake-1.19.2-150400.3.15.1 krb5-server-1.19.2-150400.3.15.1 krb5-1.19.2-150400.3.15.1 as a component of Container suse/ltss/sle15.4/bci-base:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/manager/4.3/proxy-httpd:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/manager/4.3/proxy-salt-broker:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/manager/4.3/proxy-squid:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/manager/4.3/proxy-ssh:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/manager/4.3/proxy-tftpd:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/sle-micro-rancher/5.3:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/sle-micro-rancher/5.4:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/sle-micro/5.3/toolbox:latest krb5-1.19.2-150400.3.15.1 as a component of Container suse/sle-micro/5.4/toolbox:latest krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-BYOS krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-BYOS-GCE krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-BYOS-GCE krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Hardened-BYOS krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Hardened-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Hardened-BYOS-GCE krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Hardened-BYOS-GCE krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-3 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-3-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-3-BYOS-EC2 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-3-EC2 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-4 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-4-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-4-BYOS-EC2 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-Micro-5-4-EC2 krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-BYOS krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-BYOS-GCE krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-BYOS-GCE krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS krb5-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS-EC2 krb5-client-1.19.2-150400.3.15.1 as a component of Image SLES15-SP4-SAP-Hardened-BYOS-EC2 krb5-1.19.2-150400.3.15.1 as a component of SUSE Linux Enterprise Micro 5.3 krb5-1.19.2-150400.3.15.1 as a component of SUSE Linux Enterprise Micro 5.4 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2025-24528 Container suse/ltss/sle15.4/bci-base:latest:krb5-1.19.2-150400.3.15.1 Container suse/manager/4.3/proxy-httpd:latest:krb5-1.19.2-150400.3.15.1 Container suse/manager/4.3/proxy-salt-broker:latest:krb5-1.19.2-150400.3.15.1 Container suse/manager/4.3/proxy-squid:latest:krb5-1.19.2-150400.3.15.1 Container suse/manager/4.3/proxy-ssh:latest:krb5-1.19.2-150400.3.15.1 Container suse/manager/4.3/proxy-tftpd:latest:krb5-1.19.2-150400.3.15.1 Container suse/sle-micro-rancher/5.3:latest:krb5-1.19.2-150400.3.15.1 Container suse/sle-micro-rancher/5.4:latest:krb5-1.19.2-150400.3.15.1 Container suse/sle-micro/5.3/toolbox:latest:krb5-1.19.2-150400.3.15.1 Container suse/sle-micro/5.4/toolbox:latest:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-BYOS-GCE:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-BYOS-GCE:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-BYOS:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-Hardened-BYOS-GCE:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Hardened-BYOS-GCE:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-Hardened-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Hardened-BYOS:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Manager-Proxy-4-3-BYOS:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-3-BYOS-EC2:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-3-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-3-EC2:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-3:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-4-BYOS-EC2:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-4-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-4-EC2:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-Micro-5-4:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-BYOS-GCE:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-BYOS-GCE:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-BYOS:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-Hardened-BYOS-EC2:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-Hardened-BYOS-EC2:krb5-client-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-Hardened-BYOS:krb5-1.19.2-150400.3.15.1 Image SLES15-SP4-SAP-Hardened-BYOS:krb5-client-1.19.2-150400.3.15.1 SUSE Linux Enterprise Micro 5.3:krb5-1.19.2-150400.3.15.1 SUSE Linux Enterprise Micro 5.4:krb5-1.19.2-150400.3.15.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20250343-1/ https://www.suse.com/security/cve/CVE-2025-24528.html CVE-2025-24528 https://bugzilla.suse.com/1236619 SUSE Bug 1236619