
Ubuntu 24.04 LTS USN-7542-1 Critical: Kerberos Network Exposure

May 28, 2025
A newly discovered weakness in Kerberos can leak critical data via network traffic. To bolster your system's security, promptly update your Ubuntu machine.

Summary

Kerberos could be made to expose sensitive information over the network.

Software Description:

- krb5: MIT Kerberos Network Authentication Protocol

Details:

It was discovered that Kerberos allowed the usage of weak cryptographic
standards. An attacker could possibly use this issue to expose sensitive
information.

This update introduces the allow_rc4 and allow_des3 configuration options,
and disables the usage of RC4 and 3DES ciphers by default. Users are
advised to discontinue their usage and upgrade to stronger encryption
protocols. If the use of the insecure RC4 and 3DES algorithms is necessary,
they can be enabled with the aforementioned configuration options.
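
To check whether a host has opted back in to the weak ciphers, the following added example (not part of the Ubuntu notice or the krb5 package) audits krb5.conf text for allow_rc4 / allow_des3 set to true and for RC4 or 3DES names in the enctype lists. It assumes the two options are plain booleans in krb5.conf and that the enctype lists use the standard MIT krb5 option names; the sample configuration is constructed.

```python
import re

WEAK_PREFIXES = ("rc4", "arcfour", "des3")   # RC4 and 3DES enctype name families
ENCTYPE_KEYS = {"permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes"}
OPT_IN_KEYS = {"allow_rc4", "allow_des3"}    # options named in the advisory
TRUE_VALUES = {"true", "t", "yes", "y", "on", "1"}

def audit_krb5_conf(text):
    """Return (line_no, section, finding) tuples for weak-cipher settings."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if "=" not in line:
            continue
        key, value = (part.strip().lower() for part in line.split("=", 1))
        if key in OPT_IN_KEYS and value in TRUE_VALUES:
            findings.append((no, section, f"{key} re-enables a weak cipher"))
        elif key in ENCTYPE_KEYS:
            for tok in re.split(r"[\s,]+", value):
                # A leading '-' removes an enctype from the list: not a finding.
                if tok.lstrip("+").startswith(WEAK_PREFIXES):
                    findings.append((no, section, f"{key} lists {tok}"))
    return findings

# Constructed sample configuration (not taken from any real host).
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    # allow_rc4 = true
    allow_rc4 = true
    allow_des3 = false
    permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac DEFAULT -des3
[realms]
    EXAMPLE.COM = {
        kdc = kdc.example.com
    }
"""

if __name__ == "__main__":
    for no, section, finding in audit_krb5_conf(SAMPLE):
        print(f"line {no} [{section}]: {finding}")
```

Run it against the contents of /etc/krb5.conf and any included files; an empty result means no weak-cipher opt-in was found in the text it was given.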

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libk5crypto3                    1.20.1-6ubuntu2.6
  libkrb5-3                       1.20.1-6ubuntu2.6

Ubuntu 22.04 LTS
  libk5crypto3                    1.19.2-2ubuntu0.7
  libkrb5-3                       1.19.2-2ubuntu0.7

Ubuntu 20.04 LTS
  libk5crypto3                    1.17-6ubuntu4.11
  libkrb5-3                       1.17-6ubuntu4.11

Ubuntu 18.04 LTS
  libk5crypto3                    1.16-2ubuntu0.4+esm5
                                  Available with Ubuntu Pro
  libkrb5-3                       1.16-2ubuntu0.4+esm5
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  libk5crypto3                    1.13.2+dfsg-5ubuntu2.2+esm7
                                  Available with Ubuntu Pro
  libkrb5-3                       1.13.2+dfsg-5ubuntu2.2+esm7
                                  Available with Ubuntu Pro

Ubuntu 14.04 LTS
  libk5crypto3                    1.12+dfsg-2ubuntu5.4+esm7
                                  Available with Ubuntu Pro
  libkrb5-3                       1.12+dfsg-2ubuntu5.4+esm7
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7542-1

CVE-2025-3576

Severity
critical

Ubuntu Security Notice USN-7542-1
