1. Ubuntu Security Notices
  2. USN-7542-1

USN-7542-1: Kerberos vulnerability

Publication date

28 May 2025

Overview

Kerberos could be made to expose sensitive information over the network.

Releases

Packages

  • krb5 - MIT Kerberos Network Authentication Protocol

Details

It was discovered that Kerberos allowed the usage of weak cryptographic
standards. An attacker could possibly use this issue to expose sensitive
information.

This update introduces the allow_rc4 and allow_des3 configuration options,
and disables the usage of RC4 and 3DES ciphers by default. Users are
advised to discontinue their usage and upgrade to stronger encryption
protocols. If the use of the insecure RC4 and 3DES algorithms is necessary,
they can be enabled with the aforementioned configuration options.

It was discovered that Kerberos allowed the usage of weak cryptographic
standards. An attacker could possibly use this issue to expose sensitive
information.

This update introduces the allow_rc4 and allow_des3 configuration options,
and disables the usage of RC4 and 3DES ciphers by default. Users are
advised to discontinue their usage and upgrade to stronger encryption
protocols. If the use of the insecure RC4 and 3DES algorithms is necessary,
they can be enabled with the aforementioned configuration options.

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
24.04 noble libk5crypto3 –  1.20.1-6ubuntu2.6
libkrb5-3 –  1.20.1-6ubuntu2.6
22.04 jammy libk5crypto3 –  1.19.2-2ubuntu0.7
libkrb5-3 –  1.19.2-2ubuntu0.7
20.04 focal libk5crypto3 –  1.17-6ubuntu4.11
libkrb5-3 –  1.17-6ubuntu4.11
18.04 bionic libk5crypto3 –  1.16-2ubuntu0.4+esm5  
libkrb5-3 –  1.16-2ubuntu0.4+esm5  
16.04 xenial libk5crypto3 –  1.13.2+dfsg-5ubuntu2.2+esm7  
libkrb5-3 –  1.13.2+dfsg-5ubuntu2.2+esm7  
14.04 trusty libk5crypto3 –  1.12+dfsg-2ubuntu5.4+esm7  
libkrb5-3 –  1.12+dfsg-2ubuntu5.4+esm7  

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›