An update for krb5 is now available for openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2124 Final 1.0 1.0 2025-09-05 Initial 2025-09-05 2025-09-05 openEuler SA Tool V1.0 2025-09-05 krb5 security update An update for krb5 is now available for openEuler-22.03-LTS-SP3 Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Security Fix(es): A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.(CVE-2025-3576) An update for krb5 is now available for openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium krb5 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2124 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-3576 https://nvd.nist.gov/vuln/detail/CVE-2025-3576 openEuler-22.03-LTS-SP3 krb5-help-1.19.2-26.oe2203sp3.noarch.rpm krb5-1.19.2-26.oe2203sp3.aarch64.rpm krb5-client-1.19.2-26.oe2203sp3.aarch64.rpm krb5-debuginfo-1.19.2-26.oe2203sp3.aarch64.rpm krb5-debugsource-1.19.2-26.oe2203sp3.aarch64.rpm krb5-devel-1.19.2-26.oe2203sp3.aarch64.rpm krb5-libs-1.19.2-26.oe2203sp3.aarch64.rpm krb5-server-1.19.2-26.oe2203sp3.aarch64.rpm krb5-1.19.2-26.oe2203sp3.src.rpm krb5-1.19.2-26.oe2203sp3.x86_64.rpm krb5-client-1.19.2-26.oe2203sp3.x86_64.rpm krb5-debuginfo-1.19.2-26.oe2203sp3.x86_64.rpm krb5-debugsource-1.19.2-26.oe2203sp3.x86_64.rpm krb5-devel-1.19.2-26.oe2203sp3.x86_64.rpm krb5-libs-1.19.2-26.oe2203sp3.x86_64.rpm krb5-server-1.19.2-26.oe2203sp3.x86_64.rpm A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. 2025-09-05 CVE-2025-3576 openEuler-22.03-LTS-SP3 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N krb5 security update 2025-09-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2124