
A krb5 security update is available for Fedora Linux 42:

[SECURITY] Fedora 42 Update: krb5-1.21.3-6.fc42


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-3de9fe91ff
2025-06-09 02:34:27.502391+00:00
--------------------------------------------------------------------------------

Name : krb5
Product : Fedora 42
Version : 1.21.3
Release : 6.fc42
URL : https://web.mit.edu/kerberos/www/
Summary : The Kerberos network authentication system
Description :
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of sending passwords over the network in unencrypted form.

--------------------------------------------------------------------------------
Update Information:

- Disallowing use of the arcfour-hmac(-md5) encryption type for session keys
- Add support for the PKINIT paChecksum2 sequence, required for Active Directory
  interoperability on Windows Server 2025
- Fix generation of RADIUS Message-Authenticator in FIPS mode
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 4 2025 Julien Rische [jrische@redhat.com] - 1.21.3-6
- Do not block HMAC-MD4/5 in FIPS mode
  Resolves: rhbz#2370259
- PKINIT: implement paChecksum2 from MS-PKCA v20230920
  Resolves: rhbz#2357215
- Disallow RC4 HMAC-MD5 session keys by default (CVE-2025-3576)
  Resolves: rhbz#2359705
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2357215 - PKINIT: implement paChecksum2 from MS-PKCA v20230920 [fedora]
      https://bugzilla.redhat.com/show_bug.cgi?id=2357215
[ 2 ] Bug #2359705 - CVE-2025-3576 krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2359705
[ 3 ] Bug #2370259 - Do not block HMAC-MD4/5 in FIPS mode [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2370259
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-3de9fe91ff' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
