Ubuntu alert USN-7257-1 (krb5)
| From: | Nico Campuzano <nicolas.campuzano@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7257-1] Kerberos vulnerability | |
| Date: | Wed, 05 Feb 2025 00:25:42 -0500 | |
| Message-ID: | <ec8c8917-70d5-488b-966c-c6a63e24a040@canonical.com> |
========================================================================== Ubuntu Security Notice USN-7257-1 February 05, 2025 krb5 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: A system authentication measure could be bypassed. Software Description: - krb5: MIT Kerberos Network Authentication Protocol Details: Goldberg, Miro Haller, Nadia Heninger, Mike Milano, Dan Shumow, Marc Stevens, and Adam Suhl discovered that Kerberos incorrectly authenticated certain responses. An attacker able to intercept communications between a RADIUS client and server could possibly use this issue to forge responses, bypass authentication, and access network devices and services. This update introduces support for the Message-Authenticator attribute in non-EAP authentication methods for communications between Kerberos and a RADIUS server. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libk5crypto3 1.21.3-3ubuntu0.1 libkrad0 1.21.3-3ubuntu0.1 Ubuntu 24.04 LTS libk5crypto3 1.20.1-6ubuntu2.3 libkrad0 1.20.1-6ubuntu2.3 Ubuntu 22.04 LTS libk5crypto3 1.19.2-2ubuntu0.5 libkrad0 1.19.2-2ubuntu0.5 Ubuntu 20.04 LTS libk5crypto3 1.17-6ubuntu4.8 libkrad0 1.17-6ubuntu4.8 Ubuntu 18.04 LTS libk5crypto3 1.16-2ubuntu0.4+esm3 Available with Ubuntu Pro libkrad0 1.16-2ubuntu0.4+esm3 Available with Ubuntu Pro Ubuntu 16.04 LTS libk5crypto3 1.13.2+dfsg-5ubuntu2.2+esm6 Available with Ubuntu Pro libkrad0 1.13.2+dfsg-5ubuntu2.2+esm6 Available with Ubuntu Pro Ubuntu 14.04 LTS libk5crypto3 1.12+dfsg-2ubuntu5.4+esm6 Available with Ubuntu Pro libkrad0 1.12+dfsg-2ubuntu5.4+esm6 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7257-1 CVE-2024-3596 Package Information: https://launchpad.net/ubuntu/+source/krb5/1.21.3-3ubuntu0.1 https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.3 https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.5 https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.8
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAmei9lcFAwAAAAAACgkQlFzKVeTWQe5f VRAAoGLKEVOQjHNxQ5s0R5FMqVBiVk7CfMKq7sE5FDhCwRW3qnFBwbRunL78DtShIDYtmu9plriU kvLE0P6nSygxediPin5G3rnsSlKiJ3ywY5yZgojcVI7dMuVvxohRxd7RBYuOlsqQOU7DVdIaJqsO Sk05RlKsXZUr/D9ZSI6Nwb2kCInHFZu3S54hY+V5tWOTmtJlIMIcZFGrbgs6oPQNE3DmT8Qs0Mz/ 0f1y9CE5KwkVOJC7mTGuwICOK9rj7vkm5M/by/gtt5OsxyZOaWauiXFq0LEiFcCSQ0PZbxutGgC0 EHk+HrnSudPOqhAWBCQJeqbSnAY4RTtW58QxL0XvGYKRqFWuXiDhJ2cKyZJJZdiNycZ0N39upTpr NJBz14UDWseoLJBJn3tAZrikPtNjZ1qwYKobroIgDniDj/unaER1GQUSYPQuycP3VhmpVoCvA7iH BKhT/nHFL1jVeTwWYxaIm15TO6oP7bGo4JmzGBjhIBKfIV0Sxo6nS6UurZ/P34uGDXVNQHVTTu5C N+xZAMn6fNdZbMH9LjgDGFSj5Z/cFcmF1zUjXsgBLCq0pI9tFpCfcpYunXgKdG3jhbYTRSuktIFs Vm5wkE4awaURk9hDk9VHL8lMvHLvlrwyRQIbaB+O6ai7orXScRekh9bCy1PNoBm0X8QYRHpSCXcU RN0= =Bswa -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)