Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

SUSE: krb5 Moderate Spoofing Issue CVE-2025-3576 Advisory 2025:03270-1

suse
Calendar Grey September 18, 2025
Dist Suse Esm H88
Notice regarding krb5 patch mitigating CVE-2025-3576 phishing vulnerability, classified as a moderate security concern for SUSE platforms.
* bsc#1241219 Cross-References: * CVE-2025-3576

Summary

## This update for krb5 fixes the following issues: * CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using RC4-HMAC-MD5 (bsc#1241219). Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic standards. To avoid problems with those, SUSE has by default now disabled those algorithms. The following algorithms have been removed from valid krb5 enctypes: * des3-cbc-sha1 * arcfour-hmac-md5 To reenable those algorithms, you can use allow options in `krb5.conf`: [libdefaults] allow_des3 = true allow_rc4 = true ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

References

* bsc#1241219

Cross-

* CVE-2025-3576

CVSS scores:

* CVE-2025-3576 ( SUSE ): 8.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-3576 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-3576 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.5

* SUSE Linux Enterprise Micro 5.5

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2025-3576.html

* https://bugzilla.suse.com/show_bug.cgi?id=1241219

Announcement ID: SUSE-SU-2025:03270-1
Release Date: 2025-09-18T11:18:09Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here