Ubuntu alert USN-7542-1 (krb5)

From:
             
 
noreply+usn-bot@canonical.com
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7542-1] Kerberos vulnerability
Date:
             
 
Wed, 28 May 2025 18:09:06 +0000
Message-ID:
             
 
<E1uKLD8-0000OJ-Vc@lists.ubuntu.com>
==========================================================================
Ubuntu Security Notice USN-7542-1
May 28, 2025

krb5 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Kerberos could be made to expose sensitive information over the network.

Software Description:
- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos allowed the usage of weak cryptographic
standards. An attacker could possibly use this issue to expose sensitive
information.

This update introduces the allow_rc4 and allow_des3 configuration options,
and disables the usage of RC4 and 3DES ciphers by default. Users are
advised to discontinue their usage and upgrade to stronger encryption
protocols. If the use of the insecure RC4 and 3DES algorithms is necessary,
they can be enabled with the aforementioned configuration options.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libk5crypto3                    1.20.1-6ubuntu2.6
  libkrb5-3                       1.20.1-6ubuntu2.6

Ubuntu 22.04 LTS
  libk5crypto3                    1.19.2-2ubuntu0.7
  libkrb5-3                       1.19.2-2ubuntu0.7

Ubuntu 20.04 LTS
  libk5crypto3                    1.17-6ubuntu4.11
  libkrb5-3                       1.17-6ubuntu4.11

Ubuntu 18.04 LTS
  libk5crypto3                    1.16-2ubuntu0.4+esm5
                                  Available with Ubuntu Pro
  libkrb5-3                       1.16-2ubuntu0.4+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libk5crypto3                    1.13.2+dfsg-5ubuntu2.2+esm7
                                  Available with Ubuntu Pro
  libkrb5-3                       1.13.2+dfsg-5ubuntu2.2+esm7
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libk5crypto3                    1.12+dfsg-2ubuntu5.4+esm7
                                  Available with Ubuntu Pro
  libkrb5-3                       1.12+dfsg-2ubuntu5.4+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7542-1
  CVE-2025-3576

Package Information:
  https://launchpad.net/ubuntu/+source/krb5/1.20.1-6ubuntu2.6
  https://launchpad.net/ubuntu/+source/krb5/1.19.2-2ubuntu0.7
  https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.11


Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmg3ULAACgkQcpJm3tlz
hgFbVQ//ecX5//3Tc7OBrogcXlNE3LIV9F6Aqwl+/EYpfkhfV+IXKYdxX87kF2oR
WVUx+McJivvoYKIULFthj/0gBgKLghYYQEYBVC9fcE69NJGZ882ZQeqYwy7n2qyD
eC0hvjD/Roi9c7/fW2g92ZOv0UvlRgkcc8Jf/5UXy+IX+GJjQjlSgpefB14KFzoj
rEvtD8BhWxOE1ZmPi6+1p+g6WpTZwAQHHb0tIM38+w6Pn/F1kbyPuac5TsPeuCc4
HjaXbLz3X62tYhYT/kgY4Vxd1NHvwE32/b8MKQedYQr4u1XVhuXdmjxHl0By59Vx
XQ+UpodS+SPQ1pN8lz8lrA0q3h7HhEOMG0UTwNqytMgNxHVpHSzqMwygBuWHJls2
6Bh6MxVb8q7umRD7aKvUhT9z5M05wfQj2qm39rWnRE23TS79E7vM2FefZnhvm2ov
Ff1IqM3xKSqphOYmFpWIiGZ8Ghs8f0MP5JvswCpLDimQaUDRuPqnVTxblmmV0vyS
ReFZzCfj3CfXgh/depv6YEzSW703EeJZEIRKS/N420BqC5voja5q5mtDEbVnt3mY
Rr3iq9qLlRyrbslV4jY2z9wrb91inw4fJCrIVZ/uwU1qAUwRQg+UOw9togZPETQ6
oePeuNEGE3yKZa6pjgY7ClyP1jz+IOzjEKWyjDn7wlWDAL4Hn3E=
=wJDx
-----END PGP SIGNATURE-----


Attachment: None (type=text/plain)