An update for krb5 is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1135 Final 1.0 1.0 2025-02-14 Initial 2025-02-14 2025-02-14 openEuler SA Tool V1.0 2025-02-14 krb5 security update An update for krb5 is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4 Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fix(es): In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash.(CVE-2025-24528) An update for krb5 is now available for openEuler-22.03-LTS-SP3,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium krb5 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1135 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-24528 https://nvd.nist.gov/vuln/detail/CVE-2025-24528 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 krb5-1.19.2-23.oe2203sp3.aarch64.rpm krb5-client-1.19.2-23.oe2203sp3.aarch64.rpm krb5-debuginfo-1.19.2-23.oe2203sp3.aarch64.rpm krb5-debugsource-1.19.2-23.oe2203sp3.aarch64.rpm krb5-devel-1.19.2-23.oe2203sp3.aarch64.rpm krb5-libs-1.19.2-23.oe2203sp3.aarch64.rpm krb5-server-1.19.2-23.oe2203sp3.aarch64.rpm krb5-1.19.2-23.oe2203sp4.aarch64.rpm krb5-client-1.19.2-23.oe2203sp4.aarch64.rpm krb5-debuginfo-1.19.2-23.oe2203sp4.aarch64.rpm krb5-debugsource-1.19.2-23.oe2203sp4.aarch64.rpm krb5-devel-1.19.2-23.oe2203sp4.aarch64.rpm krb5-libs-1.19.2-23.oe2203sp4.aarch64.rpm krb5-server-1.19.2-23.oe2203sp4.aarch64.rpm krb5-1.21.2-14.oe2403.aarch64.rpm krb5-client-1.21.2-14.oe2403.aarch64.rpm krb5-debuginfo-1.21.2-14.oe2403.aarch64.rpm krb5-debugsource-1.21.2-14.oe2403.aarch64.rpm krb5-devel-1.21.2-14.oe2403.aarch64.rpm krb5-libs-1.21.2-14.oe2403.aarch64.rpm krb5-server-1.21.2-14.oe2403.aarch64.rpm krb5-1.21.2-14.oe2403sp1.aarch64.rpm krb5-client-1.21.2-14.oe2403sp1.aarch64.rpm krb5-debuginfo-1.21.2-14.oe2403sp1.aarch64.rpm krb5-debugsource-1.21.2-14.oe2403sp1.aarch64.rpm krb5-devel-1.21.2-14.oe2403sp1.aarch64.rpm krb5-libs-1.21.2-14.oe2403sp1.aarch64.rpm krb5-server-1.21.2-14.oe2403sp1.aarch64.rpm krb5-1.18.2-17.oe2003sp4.aarch64.rpm krb5-client-1.18.2-17.oe2003sp4.aarch64.rpm krb5-debuginfo-1.18.2-17.oe2003sp4.aarch64.rpm krb5-debugsource-1.18.2-17.oe2003sp4.aarch64.rpm krb5-devel-1.18.2-17.oe2003sp4.aarch64.rpm krb5-libs-1.18.2-17.oe2003sp4.aarch64.rpm krb5-server-1.18.2-17.oe2003sp4.aarch64.rpm krb5-1.19.2-23.oe2203sp3.src.rpm krb5-1.19.2-23.oe2203sp4.src.rpm krb5-1.21.2-14.oe2403.src.rpm krb5-1.21.2-14.oe2403sp1.src.rpm krb5-1.18.2-17.oe2003sp4.src.rpm krb5-1.19.2-23.oe2203sp3.x86_64.rpm krb5-client-1.19.2-23.oe2203sp3.x86_64.rpm krb5-debuginfo-1.19.2-23.oe2203sp3.x86_64.rpm krb5-debugsource-1.19.2-23.oe2203sp3.x86_64.rpm krb5-devel-1.19.2-23.oe2203sp3.x86_64.rpm krb5-libs-1.19.2-23.oe2203sp3.x86_64.rpm krb5-server-1.19.2-23.oe2203sp3.x86_64.rpm krb5-1.19.2-23.oe2203sp4.x86_64.rpm krb5-client-1.19.2-23.oe2203sp4.x86_64.rpm krb5-debuginfo-1.19.2-23.oe2203sp4.x86_64.rpm krb5-debugsource-1.19.2-23.oe2203sp4.x86_64.rpm krb5-devel-1.19.2-23.oe2203sp4.x86_64.rpm krb5-libs-1.19.2-23.oe2203sp4.x86_64.rpm krb5-server-1.19.2-23.oe2203sp4.x86_64.rpm krb5-1.21.2-14.oe2403.x86_64.rpm krb5-client-1.21.2-14.oe2403.x86_64.rpm krb5-debuginfo-1.21.2-14.oe2403.x86_64.rpm krb5-debugsource-1.21.2-14.oe2403.x86_64.rpm krb5-devel-1.21.2-14.oe2403.x86_64.rpm krb5-libs-1.21.2-14.oe2403.x86_64.rpm krb5-server-1.21.2-14.oe2403.x86_64.rpm krb5-1.21.2-14.oe2403sp1.x86_64.rpm krb5-client-1.21.2-14.oe2403sp1.x86_64.rpm krb5-debuginfo-1.21.2-14.oe2403sp1.x86_64.rpm krb5-debugsource-1.21.2-14.oe2403sp1.x86_64.rpm krb5-devel-1.21.2-14.oe2403sp1.x86_64.rpm krb5-libs-1.21.2-14.oe2403sp1.x86_64.rpm krb5-server-1.21.2-14.oe2403sp1.x86_64.rpm krb5-1.18.2-17.oe2003sp4.x86_64.rpm krb5-client-1.18.2-17.oe2003sp4.x86_64.rpm krb5-debuginfo-1.18.2-17.oe2003sp4.x86_64.rpm krb5-debugsource-1.18.2-17.oe2003sp4.x86_64.rpm krb5-devel-1.18.2-17.oe2003sp4.x86_64.rpm krb5-libs-1.18.2-17.oe2003sp4.x86_64.rpm krb5-server-1.18.2-17.oe2003sp4.x86_64.rpm krb5-help-1.19.2-23.oe2203sp3.noarch.rpm krb5-help-1.19.2-23.oe2203sp4.noarch.rpm krb5-help-1.21.2-14.oe2403.noarch.rpm krb5-help-1.21.2-14.oe2403sp1.noarch.rpm krb5-help-1.18.2-17.oe2003sp4.noarch.rpm In MIT krb5 release 1.7 and later with incremental propagation enabled, an authenticated attacker can cause kadmind to write beyond the end of the mapped region for the iprop log file, likely causing a process crash. 2025-02-14 CVE-2025-24528 openEuler-22.03-LTS-SP3 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-20.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H krb5 security update 2025-02-14 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1135