SUSE-CU-2025:6839-1: Security update of suse/sle-micro/5.1/toolbox
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Sep 16 07:15:42 UTC 2025
SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6839-1
Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.170 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.170
Severity : moderate
Type : security
References : 1241219 CVE-2025-3576
-----------------------------------------------------------------
The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:3227-1
Released: Mon Sep 15 14:33:21 2025
Summary: Security update for krb5
Type: security
Severity: moderate
References: 1241219,CVE-2025-3576
This update for krb5 fixes the following issues:
- CVE-2025-3576: weakness in the MD5 checksum design allows for spoofing of GSSAPI-protected messages that are using
RC4-HMAC-MD5 (bsc#1241219).
Krb5, as a very old protocol, supported quite a number of ciphers that are not longer up to current cryptographic
standards.
To avoid problems with those, SUSE has by default now disabled those alorithms.
The following algorithms have been removed from valid krb5 enctypes:
- des3-cbc-sha1
- arcfour-hmac-md5
To reenable those algorithms, you can use allow options in `krb5.conf`:
```
[libdefaults]
allow_des3 = true
allow_rc4 = true
```
The following package changes have been done:
- krb5-1.19.2-150300.25.1 updated
More information about the sle-container-updates
mailing list