ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2025.0401.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2025:0401-1)
Resumen:	The remote host is missing an update for the 'crypto-policies, krb5' package(s) announced via the SUSE-SU-2025:0401-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'crypto-policies, krb5' package(s) announced via the SUSE-SU-2025:0401-1 advisory. Vulnerability Insight: This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support, (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode, (jsc#PED-12018), * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy. Affected Software/OS: 'crypto-policies, krb5' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2025-24528
Copyright	Copyright (C) 2025 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.