Security update for krb5 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20719-1 Final 1 1 2025-09-22T08:44:49Z current 2025-09-22T08:44:49Z 2025-09-22T08:44:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5 This update for krb5 fixes the following issues: - CVE-2025-3576: Fixed Kerberos RC4-HMAC-MD5 Checksum Vulnerability (bsc#1241219) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-469 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520719-1/ Link for SUSE-SU-2025:20719-1 https://lists.suse.com/pipermail/sle-updates/2025-September/041915.html E-Mail link for SUSE-SU-2025:20719-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1241219 SUSE Bug 1241219 https://www.suse.com/security/cve/CVE-2025-3576/ SUSE CVE CVE-2025-3576 page SUSE Linux Micro 6.0 krb5-1.20.1-7.1 krb5-client-1.20.1-7.1 krb5-1.20.1-7.1 as a component of SUSE Linux Micro 6.0 krb5-client-1.20.1-7.1 as a component of SUSE Linux Micro 6.0 A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. CVE-2025-3576 SUSE Linux Micro 6.0:krb5-1.20.1-7.1 SUSE Linux Micro 6.0:krb5-client-1.20.1-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520719-1/ https://www.suse.com/security/cve/CVE-2025-3576.html CVE-2025-3576 https://bugzilla.suse.com/1241218 SUSE Bug 1241218