RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.x86_64.rpm bad001a146f46c9dc8fe08f10792926a1e21b1d32c7e996ceeafa6f92847852e libsss_autofs-2.11.1-2.el10_1.1.x86_64.rpm 2ec7e9a487815c69574d06cf2ee07b19f4fa191c094ed19997b421c434815dde libsss_certmap-2.11.1-2.el10_1.1.x86_64.rpm 54eac306740f3c78836c127e86fa555d35b489f2b76c45c9679ce4f9267d4989 libsss_idmap-2.11.1-2.el10_1.1.x86_64.rpm f8d94fb2d62bd3001a2046f82e8f005c533a86f74b75af4ad527bbe5be5e6003 libsss_nss_idmap-2.11.1-2.el10_1.1.x86_64.rpm 04d33462dd10d608a88cc43c37eefc3d5f379b4ef7d974fae11a6305c0cf4c05 libsss_sudo-2.11.1-2.el10_1.1.x86_64.rpm 37542fb9b44177f308ab3fb81ba50a02b69ed545076bf874dc195561ce15e444 python3-libipa_hbac-2.11.1-2.el10_1.1.x86_64.rpm bf2426a3db93e0f42bcee926799138f821110cc4d8edf8a8b0274b593ab49da7 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.x86_64.rpm 20e8c6b131f9167a69e170129ef17aca288a6c55452f2888c1e5092efb89c64a python3-sss-2.11.1-2.el10_1.1.x86_64.rpm 151dd9683e8d4a72d5465ace307186c0a341123caf70a2c9ec644eb538afd148 python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.x86_64.rpm 556d1171a17888ee476be668912994cb3b814707b9debc5f4841cd877873b932 sssd-2.11.1-2.el10_1.1.x86_64.rpm 32ca5cf0b49d9b039442b15112407cfa31a256783f6edbb0e8e86e864b8e480d sssd-ad-2.11.1-2.el10_1.1.x86_64.rpm 9f364b807b641ed843dd09bc94c3b3aadb53022301741c15c73c7425aaecc1e8 sssd-client-2.11.1-2.el10_1.1.x86_64.rpm 3da0afdb004952939789b2210e748427314fc81317e5635d170350e447b644fa sssd-common-2.11.1-2.el10_1.1.x86_64.rpm 6d44acd9118801009c5c8518e3d4c7c6d803e95c6df7c327d07077e91846f67d sssd-common-pac-2.11.1-2.el10_1.1.x86_64.rpm f369f2c8a9615cc10ee483cfae94a7303552ddf994ccb8e31cdb398e971d7858 sssd-dbus-2.11.1-2.el10_1.1.x86_64.rpm e08ef54e631b00dfa2df1da0b9829b2292a5bacae488999fefbb25fadf99fce6 sssd-ipa-2.11.1-2.el10_1.1.x86_64.rpm fb92e039ddaf20794ab899b6548cba92ad8ddf780cd2cc6e3b9d6442350b2146 sssd-kcm-2.11.1-2.el10_1.1.x86_64.rpm 5e9173ba3870ba74df9882d25d5bfb0de981abb0729be856250e1ae1ca8f4fb0 sssd-krb5-2.11.1-2.el10_1.1.x86_64.rpm 477de127d125bb4c3837aa7d98d9df1e9b49b12914b3230c92e6a014f3bebc7f sssd-krb5-common-2.11.1-2.el10_1.1.x86_64.rpm f602fa53e2d3a4b6a2cb9d601b083d78d52c888ce712be1e52e441c398eb3d05 sssd-ldap-2.11.1-2.el10_1.1.x86_64.rpm 74e7662fe637e4793fa40a66046234fcddb8887a1bf2e2595526899d4202c12e sssd-nfs-idmap-2.11.1-2.el10_1.1.x86_64.rpm ee908eb3aa05068d151c0354ea67fe3b78a6a52d23d653167bc2a573ab6f466c sssd-passkey-2.11.1-2.el10_1.1.x86_64.rpm c7b90178c33b98029e1932b5d6607e87b1955e8e0876be4b56e27beb29066db6 sssd-proxy-2.11.1-2.el10_1.1.x86_64.rpm f468f2c7e8a5c91374d378eb0c0d3e1b5bcb8434e0edd4681dcf21305e257ab8 sssd-tools-2.11.1-2.el10_1.1.x86_64.rpm a526fd4ab76319a529be5bba801ac0cee6023676586c7da8efed17ee5b13f7e4 sssd-winbind-idmap-2.11.1-2.el10_1.1.x86_64.rpm f801e7133fce40a14849206d73aedb527048d7f093dd6736d40e563525f7340f RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-baseos-rpms kea-3.0.1-2.el10_1.x86_64.rpm b5f4e651c4525c608aae80acc54d49f46370ead7f521035d1ddce8b30f8a9ac9 kea-libs-3.0.1-2.el10_1.x86_64.rpm 80fd323f41516ab4e4dc0941e4f57d782fa8b0bddbf30073fa63f43684b9244a