Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a1605776 by Salvatore Bonaccorso at 2025-04-19T21:45:04+02:00
Add information for CVE-2025-3576/krb5
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2501,6 +2501,11 @@ CVE-2025-3588 (A vulnerability, which was classified as
problematic, has been fo
CVE-2025-3576 (A vulnerability in the MIT Kerberos implementation allows
GSSAPI-prote ...)
- krb5 <unfixed> (bug #1103525)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2359465
+ NOTE: CVE relates to issues covered in:
+ NOTE:
https://i.blackhat.com/EU-22/Thursday-Briefings/EU-22-Tervoort-Breaking-Kerberos-RC4-Cipher-and-Spoofing-Windows-PACs-wp.pdf
+ NOTE: Since upstream 1.21 (cf. https://web.mit.edu/kerberos/krb5-1.21/)
the KDC
+ NOTE: will no longer issue tickets with RC4 or triple-DES session keys
unless
+ NOTE: explicitly configured with the new allow_rc4 or allow_des3
variables respectively.
CVE-2025-3573 (Versions of the package jquery-validation before 1.20.0 are
vulnerable ...)
- civicrm <unfixed> (bug #1103445)
NOTE: https://github.com/jquery-validation/jquery-validation/pull/2462
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1605776fe210ac9065c2a26fa339be320ab5e96
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a1605776fe210ac9065c2a26fa339be320ab5e96
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
