ALAS2023-2025-1173

Amazon Linux 2023 Security Advisory: ALAS2023-2025-1173
Advisory Released Date: 2025-09-08
Advisory Updated Date: 2025-09-08

Severity: Medium

References: CVE-2025-24528 CVE-2025-3576
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

krb5: overflow when calculating ulog block size (CVE-2025-24528)

A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering. (CVE-2025-3576)

Affected Packages:

krb5

Issue Correction:
Run dnf update krb5 --releasever 2023.8.20250908 or dnf update --advisory ALAS2023-2025-1173 --releasever 2023.8.20250908 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:

aarch64:
    libkadm5-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-workstation-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-pkinit-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-server-ldap-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-libs-1.21.3-6.amzn2023.0.1.aarch64
    krb5-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-pkinit-1.21.3-6.amzn2023.0.1.aarch64
    krb5-libs-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-server-ldap-1.21.3-6.amzn2023.0.1.aarch64
    krb5-server-1.21.3-6.amzn2023.0.1.aarch64
    krb5-debugsource-1.21.3-6.amzn2023.0.1.aarch64
    libkadm5-1.21.3-6.amzn2023.0.1.aarch64
    krb5-devel-1.21.3-6.amzn2023.0.1.aarch64
    krb5-server-debuginfo-1.21.3-6.amzn2023.0.1.aarch64
    krb5-workstation-1.21.3-6.amzn2023.0.1.aarch64

src:
    krb5-1.21.3-6.amzn2023.0.1.src

x86_64:
    krb5-libs-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-devel-1.21.3-6.amzn2023.0.1.x86_64
    krb5-workstation-1.21.3-6.amzn2023.0.1.x86_64
    libkadm5-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-server-1.21.3-6.amzn2023.0.1.x86_64
    krb5-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-workstation-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-server-ldap-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-pkinit-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-server-debuginfo-1.21.3-6.amzn2023.0.1.x86_64
    krb5-debugsource-1.21.3-6.amzn2023.0.1.x86_64
    krb5-server-ldap-1.21.3-6.amzn2023.0.1.x86_64
    libkadm5-1.21.3-6.amzn2023.0.1.x86_64
    krb5-libs-1.21.3-6.amzn2023.0.1.x86_64
    krb5-pkinit-1.21.3-6.amzn2023.0.1.x86_64

Additional References

Release Notes: Amazon Linux 2023 Release Notes

Red Hat: CVE-2025-24528, CVE-2025-3576

Mitre: CVE-2025-24528, CVE-2025-3576