UBUNTU-CVE-2025-3576
- Source
- https://ubuntu.com/security/CVE-2025-3576
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-3576.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-3576
- Upstream
- Downstream
- Related
- Published
- 2025-04-15T06:15:00Z
- Modified
- 2025-09-08T17:06:49Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
- References
Affected packages
Ubuntu:20.04:LTS
krb5
Package
- Name
- krb5
- Purl
- pkg:deb/ubuntu/krb5@1.17-6ubuntu4.11?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.17-6ubuntu4.11
Affected versions
1.*
1.17-6
1.17-6ubuntu3
1.17-6ubuntu4
1.17-6ubuntu4.1
1.17-6ubuntu4.2
1.17-6ubuntu4.3
1.17-6ubuntu4.4
1.17-6ubuntu4.6
1.17-6ubuntu4.7
1.17-6ubuntu4.8
1.17-6ubuntu4.9
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-admin-server"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-gss-samples"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-k5tls"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-kdc"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-kdc-ldap"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-kpropd"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-locales"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-multidev"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-otp"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-pkinit"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "krb5-user"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libgssapi-krb5-2"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libgssrpc4"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libk5crypto3"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkadm5clnt-mit11"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkadm5srv-mit11"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkdb5-9"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkrad-dev"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkrad0"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkrb5-3"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkrb5-dev"
},
{
"binary_version": "1.17-6ubuntu4.11",
"binary_name": "libkrb5support0"
}
]
}Ubuntu:22.04:LTS
krb5
Package
- Name
- krb5
- Purl
- pkg:deb/ubuntu/krb5@1.19.2-2ubuntu0.7?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.19.2-2ubuntu0.7
Affected versions
1.*
1.18.3-6
1.18.3-7
1.19.2-0ubuntu1
1.19.2-1
1.19.2-2
1.19.2-2ubuntu0.1
1.19.2-2ubuntu0.2
1.19.2-2ubuntu0.3
1.19.2-2ubuntu0.4
1.19.2-2ubuntu0.5
1.19.2-2ubuntu0.6
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-admin-server"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-gss-samples"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-k5tls"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-kdc"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-kdc-ldap"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-kpropd"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-locales"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-multidev"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-otp"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-pkinit"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "krb5-user"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libgssapi-krb5-2"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libgssrpc4"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libk5crypto3"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkadm5clnt-mit12"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkadm5srv-mit12"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkdb5-10"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkrad-dev"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkrad0"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkrb5-3"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkrb5-dev"
},
{
"binary_version": "1.19.2-2ubuntu0.7",
"binary_name": "libkrb5support0"
}
]
}Ubuntu:24.04:LTS
krb5
Package
- Name
- krb5
- Purl
- pkg:deb/ubuntu/krb5@1.20.1-6ubuntu2.6?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.20.1-6ubuntu2.6
Affected versions
1.*
1.20.1-3ubuntu1
1.20.1-5build1
1.20.1-6ubuntu1
1.20.1-6ubuntu2
1.20.1-6ubuntu2.1
1.20.1-6ubuntu2.2
1.20.1-6ubuntu2.3
1.20.1-6ubuntu2.4
1.20.1-6ubuntu2.5
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-admin-server"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-gss-samples"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-k5tls"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-kdc"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-kdc-ldap"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-kpropd"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-locales"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-multidev"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-otp"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-pkinit"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "krb5-user"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libgssapi-krb5-2"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libgssrpc4t64"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libk5crypto3"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkadm5clnt-mit12"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkadm5srv-mit12"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkdb5-10t64"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkrad-dev"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkrad0"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkrb5-3"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkrb5-dev"
},
{
"binary_version": "1.20.1-6ubuntu2.6",
"binary_name": "libkrb5support0"
}
]
}Ubuntu:Pro:14.04:LTS
krb5
Package
- Name
- krb5
- Purl
- pkg:deb/ubuntu/krb5@1.12+dfsg-2ubuntu5.4+esm7?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.12+dfsg-2ubuntu5.4+esm7
Affected versions
1.*
1.10.1+dfsg-6.1ubuntu1
1.11.3+dfsg-3ubuntu2
1.12+dfsg-2ubuntu1
1.12+dfsg-2ubuntu2
1.12+dfsg-2ubuntu3
1.12+dfsg-2ubuntu4
1.12+dfsg-2ubuntu4.2
1.12+dfsg-2ubuntu5
1.12+dfsg-2ubuntu5.1
1.12+dfsg-2ubuntu5.2
1.12+dfsg-2ubuntu5.3
1.12+dfsg-2ubuntu5.4
1.12+dfsg-2ubuntu5.4+esm1
1.12+dfsg-2ubuntu5.4+esm2
1.12+dfsg-2ubuntu5.4+esm3
1.12+dfsg-2ubuntu5.4+esm4
1.12+dfsg-2ubuntu5.4+esm5
1.12+dfsg-2ubuntu5.4+esm6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-admin-server"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-gss-samples"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-kdc"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-kdc-ldap"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-locales"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-multidev"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-otp"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-pkinit"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "krb5-user"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libgssapi-krb5-2"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libgssrpc4"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libk5crypto3"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkadm5clnt-mit9"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkadm5srv-mit8"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkadm5srv-mit9"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkdb5-7"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkrad-dev"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkrad0"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkrb5-3"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkrb5-dev"
},
{
"binary_version": "1.12+dfsg-2ubuntu5.4+esm7",
"binary_name": "libkrb5support0"
}
]
}Ubuntu:Pro:16.04:LTS
krb5
Package
- Name
- krb5
- Purl
- pkg:deb/ubuntu/krb5@1.13.2+dfsg-5ubuntu2.2+esm7?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.13.2+dfsg-5ubuntu2.2+esm7
Affected versions
1.*
1.13.2+dfsg-2
1.13.2+dfsg-3
1.13.2+dfsg-4
1.13.2+dfsg-5
1.13.2+dfsg-5ubuntu1
1.13.2+dfsg-5ubuntu2
1.13.2+dfsg-5ubuntu2.1
1.13.2+dfsg-5ubuntu2.1+esm1
1.13.2+dfsg-5ubuntu2.2
1.13.2+dfsg-5ubuntu2.2+esm3
1.13.2+dfsg-5ubuntu2.2+esm4
1.13.2+dfsg-5ubuntu2.2+esm5
1.13.2+dfsg-5ubuntu2.2+esm6
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-admin-server"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-gss-samples"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-k5tls"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-kdc"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-kdc-ldap"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-locales"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-multidev"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-otp"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-pkinit"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "krb5-user"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libgssapi-krb5-2"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libgssrpc4"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libk5crypto3"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkadm5clnt-mit9"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkadm5srv-mit9"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkdb5-8"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkrad-dev"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkrad0"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkrb5-3"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkrb5-dev"
},
{
"binary_version": "1.13.2+dfsg-5ubuntu2.2+esm7",
"binary_name": "libkrb5support0"
}
]
}Ubuntu:Pro:18.04:LTS
krb5
Package
- Name
- krb5
- Purl
- pkg:deb/ubuntu/krb5@1.16-2ubuntu0.4+esm5?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16-2ubuntu0.4+esm5
Affected versions
1.*
1.15.1-2
1.16-2
1.16-2build1
1.16-2ubuntu0.1
1.16-2ubuntu0.1+esm1
1.16-2ubuntu0.2
1.16-2ubuntu0.3
1.16-2ubuntu0.4
1.16-2ubuntu0.4+esm1
1.16-2ubuntu0.4+esm2
1.16-2ubuntu0.4+esm3
Ecosystem specific
{
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-admin-server"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-gss-samples"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-k5tls"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-kdc"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-kdc-ldap"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-kpropd"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-locales"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-multidev"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-otp"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-pkinit"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "krb5-user"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libgssapi-krb5-2"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libgssrpc4"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libk5crypto3"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkadm5clnt-mit11"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkadm5srv-mit11"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkdb5-9"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkrad-dev"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkrad0"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkrb5-3"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkrb5-dev"
},
{
"binary_version": "1.16-2ubuntu0.4+esm5",
"binary_name": "libkrb5support0"
}
]
}