RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.s390x.rpm 4deb8d7f72770c1f520781aafe75080ec275b67b4ac995a7c4d991d8579ef51a libsss_autofs-2.11.1-2.el10_1.1.s390x.rpm 0f11a0c6580a31ed433963a8282ee6187b8adb5bb83c672fc945e5c50a4c75f3 libsss_certmap-2.11.1-2.el10_1.1.s390x.rpm fd1f59dfbce1d30fcd58f7ed73519c2bbe4abacc207f896ee201f66819d45fb4 libsss_idmap-2.11.1-2.el10_1.1.s390x.rpm 14d7d0246e6b6e623b9c00d6da19a9be5b5e53c12952a4a4e7d7101ffd7afa3e libsss_nss_idmap-2.11.1-2.el10_1.1.s390x.rpm 5cdc31e23ea28fee77a12a2d40cc73de53f9cc49f14181d9a529de86d7adc829 libsss_sudo-2.11.1-2.el10_1.1.s390x.rpm 980e9e1b1e374e52800a7724712927634a3c7c443bb15db9f05a91c0e00bca86 python3-libipa_hbac-2.11.1-2.el10_1.1.s390x.rpm 1faa4d707e479b35550a3671c1f34c7d852690bb2d7cad15a08638c7f5d13444 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.s390x.rpm ac2b1b4b8652794db8e1ec33d5d407a49ac08c36ca857ac2800d87e1a4233351 python3-sss-2.11.1-2.el10_1.1.s390x.rpm 29c5974a466b5a8458e7b3b6275f06c3a264631cba630f5942a3a7a0735201ec python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.s390x.rpm e5f75ecd06643c818032e3fb7885bfac973234a2236d7d0b38ac2f99998f2823 sssd-2.11.1-2.el10_1.1.s390x.rpm 0d2bead1d66092cc0c715f774b123c98dfd4e59e96db323dd3400795727fbdc9 sssd-ad-2.11.1-2.el10_1.1.s390x.rpm 97d170338159ac72cc9932cc78507f372edbd9bc5ff20e5c168492abb713672c sssd-client-2.11.1-2.el10_1.1.s390x.rpm 6709bdd4d6d3f45608e9c7ceffc1e50da90481b48efe12e22b0e837371942eb4 sssd-common-2.11.1-2.el10_1.1.s390x.rpm feae2b7758e18fab95635b3af75fca4ba2cd6dd13ab86fd43ef6271a79942972 sssd-common-pac-2.11.1-2.el10_1.1.s390x.rpm 37bc36d27624bb55c98367e43452f86679133c3a7e8013ad9228a3f93de0c188 sssd-dbus-2.11.1-2.el10_1.1.s390x.rpm dd8da8a2791ba447997dde70b0493903131665c6e08e46d9f81c846f34550446 sssd-ipa-2.11.1-2.el10_1.1.s390x.rpm d7993d06996f7f6482fbbf342fbc2597b42229fbdd2ccf4abf7a8dfb501e44a2 sssd-kcm-2.11.1-2.el10_1.1.s390x.rpm 1c6cd681c744cd1a03c7433a122a5e106eb2d80629e87793f5bf1fa71ae2624b sssd-krb5-2.11.1-2.el10_1.1.s390x.rpm f5df1b2daa5309db230b9b4555d59a6e0664de80891735a586d9a00307dd09bc sssd-krb5-common-2.11.1-2.el10_1.1.s390x.rpm 26f1234ee1d9afa7e5d14e12241a4b31d0098e5cb9dfb969b55a3815c458aa17 sssd-ldap-2.11.1-2.el10_1.1.s390x.rpm 924caa072e8fd3a1a2dd977ea2b5b363a95ea1985d4890fde0c345d5534ae3b3 sssd-nfs-idmap-2.11.1-2.el10_1.1.s390x.rpm 85459fa8676112903c2bebc781e9b6ee9d60f7ac3b349e357af1a6664985598e sssd-passkey-2.11.1-2.el10_1.1.s390x.rpm c6165a302c6dc5c6965c550cd549ce7553cda1e1c53da4bb9d26e3cc8ce496bf sssd-proxy-2.11.1-2.el10_1.1.s390x.rpm 9f83f907deafeb32fa473b1dd6c96d78e80199beacef9b06123b980b28a1746a sssd-tools-2.11.1-2.el10_1.1.s390x.rpm e04f28bf097823c343c121f89c41caa2355e18ff0892e7bea505267015bc43b8 sssd-winbind-idmap-2.11.1-2.el10_1.1.s390x.rpm f1b7917c68b21d358765d464cb4f5188b3716e48e1cdbc736c1c4c300f6598db RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-baseos-rpms kea-3.0.1-2.el10_1.s390x.rpm 224f5d4ffed14563aa758aef5346d45a4d2708d34502507698d20cad8d3b0443 kea-libs-3.0.1-2.el10_1.s390x.rpm ffe36dff80458d2a929537d8b084c13e6992df271fe6b2b2a2db63bfa5e0ef3d