
openSUSE Leap 15.6: SUSE-SU-2025:0401-1 moderate: krb5 security issue

openSUSE
February 10, 2025
SUSE-SU-2025:0401-1 is a moderate-severity security update for krb5 and crypto-policies on openSUSE Leap 15.6 and SUSE Linux Enterprise 15 SP6. Please upgrade promptly.
An update that solves one vulnerability and contains one feature can now be installed.

Description

This update for crypto-policies and krb5 fixes the following issues:

Security issue fixed:

* CVE-2025-24528: Fixed an out-of-bounds write caused by an overflow when calculating the ulog (KDC update log, used by incremental database propagation) block size, which can lead to a process crash (bsc#1236619).

Feature addition:

* Add crypto-policies support (jsc#PED-12018).

* The default krb5.conf now includes configuration snippets from the krb5.conf.d directory, which is where crypto-policies drops its krb5 back-end configuration.

* Allow the use of KRB5KDF in FIPS mode (jsc#PED-12018).

* KRB5KDF is the key derivation function used by the AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, which Active Directory relies on. Whether these encryption types are allowed in FIPS mode is now enforced by the FIPS:AD-SUPPORT subpolicy rather than by krb5 itself: under the plain FIPS policy they stay disabled, and a host that must authenticate against Active Directory needs the FIPS:AD-SUPPORT subpolicy applied.
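A practical check after this update is whether the enctypes Active Directory needs actually end up permitted once the crypto-policies snippet in krb5.conf.d is pulled in. The script below is an added example (not SUSE's or MIT krb5's code): it walks a krb5.conf, follows `includedir` using the MIT filename filter (only names made of letters, digits, dashes and underscores, or names ending in `.conf` that do not start with a dot, are included), collects every `permitted_enctypes` definition in `[libdefaults]`, and reports whether both AES-SHA1 enctypes are allowed. The two snippets standing in for the crypto-policies back-end under plain `FIPS` and under `FIPS:AD-SUPPORT` are constructed sample data that mirror the advisory's description; the snippet file name `crypto-policies` and the `.rpmsave` decoy are assumptions for the example.

```python
"""Resolve which Kerberos enctypes a krb5.conf tree permits after the
crypto-policies snippet is included, and check the Active Directory ones.

Added example, not SUSE's or MIT krb5's code. Assumed layout: krb5.conf
carries an `includedir` pointing at a krb5.conf.d directory into which
crypto-policies drops a file named 'crypto-policies'. Both snippets below
are constructed samples, not copied from a real system.
"""
import os
import re
import tempfile

# Enctypes the page says Active Directory uses (KRB5KDF based).
AD_ENCTYPES = {"aes256-cts-hmac-sha1-96", "aes128-cts-hmac-sha1-96"}

# Constructed: what the krb5 back-end looks like under plain FIPS ...
FIPS_SNIPPET = """[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
"""
# ... and under the FIPS:AD-SUPPORT subpolicy (AES-SHA1 types added).
FIPS_AD_SNIPPET = """[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
"""

# MIT krb5 includedir filter: [A-Za-z0-9_-]+ names, or *.conf names not
# starting with '.', processed in sorted order. Editor backups ('foo~') and
# rpm leftovers ('foo.rpmsave') are therefore skipped.
_INCLUDABLE = re.compile(r"^(?:[A-Za-z0-9_-]+|[^.][^/]*\.conf)$")


def _libdefaults_relations(path):
    """Yield (source_file, 'key = value') for [libdefaults] relations,
    recursing into include / includedir directives."""
    section = None
    with open(path) as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("includedir "):
                directory = line.split(None, 1)[1]
                for name in sorted(os.listdir(directory)):
                    if _INCLUDABLE.match(name):
                        yield from _libdefaults_relations(os.path.join(directory, name))
                continue
            if line.startswith("include "):
                yield from _libdefaults_relations(line.split(None, 1)[1])
                continue
            if line.startswith("["):
                section = line.strip("[]").lower()
                continue
            if section == "libdefaults" and "=" in line:
                yield path, line


def permitted_enctypes(krb5_conf):
    """Map each file that defines permitted_enctypes to the set it permits.
    krb5 applies its own precedence rules to duplicate relations; returning
    every definition lets an admin spot a conflicting leftover instead."""
    found = {}
    for source, relation in _libdefaults_relations(krb5_conf):
        key, _, value = relation.partition("=")
        if key.strip() == "permitted_enctypes":
            found[source] = set(value.split())
    return found


def ad_enctypes_allowed(krb5_conf):
    """True only if at least one definition exists and every definition
    permits both AES-SHA1 enctypes that Active Directory needs."""
    definitions = permitted_enctypes(krb5_conf)
    return bool(definitions) and all(AD_ENCTYPES <= s for s in definitions.values())


def build_tree(snippet):
    """Create a temporary krb5.conf + krb5.conf.d layout (assumed names) with
    the snippet as 'crypto-policies' and a decoy that includedir must skip."""
    root = tempfile.mkdtemp()
    confd = os.path.join(root, "krb5.conf.d")
    os.mkdir(confd)
    with open(os.path.join(confd, "crypto-policies"), "w") as fh:
        fh.write(snippet)
    # Contains a dot and does not end in .conf: ignored by the filter.
    with open(os.path.join(confd, "crypto-policies.rpmsave"), "w") as fh:
        fh.write("[libdefaults]\npermitted_enctypes = des3-cbc-sha1\n")
    conf = os.path.join(root, "krb5.conf")
    with open(conf, "w") as fh:
        fh.write("includedir %s\n\n[libdefaults]\n  default_realm = EXAMPLE.COM\n" % confd)
    return conf


if __name__ == "__main__":
    for label, snippet in (("FIPS", FIPS_SNIPPET), ("FIPS:AD-SUPPORT", FIPS_AD_SNIPPET)):
        conf = build_tree(snippet)
        print(label, "AD enctypes allowed:", ad_enctypes_allowed(conf))
```

On a real host, point `permitted_enctypes` at `/etc/krb5.conf`; upstream crypto-policies switches the subpolicy with `update-crypto-policies --set FIPS:AD-SUPPORT`, after which the snippet in krb5.conf.d should list the two AES-SHA1 types.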

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2025-401=1 openSUSE-SLE-15.6-2025-401=1

* Basesystem Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-401=1

* Server Applications Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-401=1

Package List

* openSUSE Leap 15.6 (noarch)

* crypto-policies-20230920.570ea89-150600.3.3.1

* crypto-policies-scripts-20230920.570ea89-150600.3.3.1

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* krb5-debugsource-1.20.1-150600.11.8.1

* krb5-plugin-preauth-pkinit-1.20.1-150600.11.8.1

* krb5-plugin-preauth-spake-1.20.1-150600.11.8.1

* krb5-server-debuginfo-1.20.1-150600.11.8.1

* krb5-mini-debuginfo-1.20.1-150600.11.8.1

* krb5-plugin-kdb-ldap-debuginfo-1.20.1-150600.11.8.1

* krb5-mini-1.20.1-150600.11.8.1

* krb5-mini-devel-1.20.1-150600.11.8.1

* krb5-devel-1.20.1-150600.11.8.1

* krb5-client-debuginfo-1.20.1-150600.11.8.1

* krb5-debuginfo-1.20.1-150600.11.8.1

* krb5-plugin-kdb-ldap-1.20.1-150600.11.8.1

* krb5-plugin-preauth-otp-1.20.1-150600.11.8.1

* krb5-client-1.20.1-150600.11.8.1

* krb5-plugin-preauth-spake-debuginfo-1.20.1-150600.11.8.1

* krb5-mini-debugsource-1.20.1-150600.11.8.1

* krb5-plugin-preauth-otp-debuginfo-1.20.1-150600.11.8.1

* krb5-1.20.1-150600.11.8.1

* krb5-server-1.20.1-150600.11.8.1

*...
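Once the patch has been applied, the thing to verify is that the installed krb5 build is at or above the fixed version in the package list (1.20.1-150600.11.8.1). The script below is an added example, not SUSE tooling: it implements the segment comparison rpm uses for version and release strings (numeric segments compare as integers, alpha segments lexically, numeric beats alpha, and more trailing segments wins; the tilde and caret rules are left out, which is fine for the SUSE strings here) and audits `rpm -q` output. The two `rpm -q` lines are constructed sample data.

```python
"""Check installed krb5 packages against the fixed version in this advisory.

Added example, not SUSE's tooling. The comparison follows rpm's
digit/alpha segment rules without tilde or caret handling; the rpm -q
output below is constructed sample data.
"""
import re

FIXED_KRB5 = "1.20.1-150600.11.8.1"  # VERSION-RELEASE from the package list

# Constructed sample output of:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' krb5 krb5-client
SAMPLE_RPM_Q = """\
krb5 1.20.1-150600.11.3.1
krb5-client 1.20.1-150600.11.8.1
"""

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 comparing two rpm version (or release) strings.
    Separators are ignored; segments compare numerically when both are
    digits, lexically when both are letters, and a digit segment is newer
    than a letter segment. If all shared segments match, the string with
    more segments is newer."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return -1 if x < y else 1
    if len(sa) == len(sb):
        return 0
    return -1 if len(sa) < len(sb) else 1


def evr_cmp(a, b):
    """Compare 'VERSION-RELEASE' strings: version decides, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def is_fixed(installed, fixed=FIXED_KRB5):
    """True if the installed VERSION-RELEASE is at or above the fixed one."""
    return evr_cmp(installed, fixed) >= 0


def audit(rpm_q_output, fixed=FIXED_KRB5):
    """Parse 'NAME VERSION-RELEASE' lines into name -> (vr, fixed?)."""
    result = {}
    for line in rpm_q_output.splitlines():
        if not line.strip():
            continue
        name, vr = line.split()
        result[name] = (vr, is_fixed(vr, fixed))
    return result


if __name__ == "__main__":
    for name, (vr, ok) in audit(SAMPLE_RPM_Q).items():
        print("%-12s %-24s %s" % (name, vr, "fixed" if ok else "VULNERABLE"))
```

Feed it the real output of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' krb5 krb5-client krb5-server` on each host; `rpm -q --changelog krb5 | grep CVE-2025-24528` is an independent cross-check that the fix is present in the installed build.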


References

* CVE-2025-24528: https://www.suse.com/security/cve/CVE-2025-24528.html

* bsc#1236619: https://bugzilla.suse.com/show_bug.cgi?id=1236619

* jsc#PED-12018: https://jira.suse.com/browse/PED-12018

Announcement ID: SUSE-SU-2025:0401-1
Release Date: 2025-02-10T09:38:40Z
Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* Server Applications Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
