RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.aarch64.rpm 941ca8d71997f5ffaa107710745eacc4ed5c7651d206059a2ddb448d5944142a libsss_autofs-2.11.1-2.el10_1.1.aarch64.rpm dff0d8c38b1eeb9894227036a221e12f464a3b2e34dbec77ce6667c8d1c7d5c4 libsss_certmap-2.11.1-2.el10_1.1.aarch64.rpm c91dc6659f85bd0258bd0f36c6653426143463a42154fc2a42829c05c723ce93 libsss_idmap-2.11.1-2.el10_1.1.aarch64.rpm 788a60e427ef1eb4b51d6223b84e16eb544dfe188876d06d2c061387eedc7701 libsss_nss_idmap-2.11.1-2.el10_1.1.aarch64.rpm 755da0f9abd73c8a644ce8e8400c9159814a7f46bffb543e6007163b51a41074 libsss_sudo-2.11.1-2.el10_1.1.aarch64.rpm 1eb186711514bb265269c2e45fc481c63a61b57021eeac90fec78a2a98a2317f python3-libipa_hbac-2.11.1-2.el10_1.1.aarch64.rpm 69cea129ca7460ed7d08df35e1ab9eb524c1fd30ca95e7b9ac4466d64309f220 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.aarch64.rpm bfb7d56ba957d99f4f7b0bb1c8ff7c06c0b35720f36ccc9b826aa06d98b26e8e python3-sss-2.11.1-2.el10_1.1.aarch64.rpm 78be8ed08d77e049a23bcceda35bced6dba5499ad78cc4b592311c3756811a3b python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.aarch64.rpm d61549f207be57832034430c647a820939650efec19a430aa90aee2697ee7eb9 sssd-2.11.1-2.el10_1.1.aarch64.rpm a80176a9696b33e72ed7fb723a69f2f6255653bc9e5a65cddf8aa18759be42b4 sssd-ad-2.11.1-2.el10_1.1.aarch64.rpm 4c6f2cdf7c9779106464886fcfa9fc2245d4acc4038b1e071d91867a2ab416dc sssd-client-2.11.1-2.el10_1.1.aarch64.rpm eefb8b15e2c31401921842b0958717828fd002e0abc55899de7bf7248d523056 sssd-common-2.11.1-2.el10_1.1.aarch64.rpm 9673e4104ef5e17cace33f01475b0fbf431ae333c9b2a031001c16d82a93e5fe sssd-common-pac-2.11.1-2.el10_1.1.aarch64.rpm c2d94c25b1edcea1c4442dccdc9e26801a9abf2c7f2270f5cab18ff2fb71eab9 sssd-dbus-2.11.1-2.el10_1.1.aarch64.rpm a5900e14aadc48feb6259b14171c720dd89e98a307679683189d3c8b2820a036 sssd-ipa-2.11.1-2.el10_1.1.aarch64.rpm da60b5f2e51da3d483c454e435ec0d5ba3dc05eb9f109654b11497492566ef3b sssd-kcm-2.11.1-2.el10_1.1.aarch64.rpm d6419c2fcc6517706fd57f7d32e9c7f53fed13cebc70aef59f34339ef59468e8 sssd-krb5-2.11.1-2.el10_1.1.aarch64.rpm e76db9a0e6e1149d80d80dfb92cb8e1f4c11b6166641d1e4293b94ad2c8cfa41 sssd-krb5-common-2.11.1-2.el10_1.1.aarch64.rpm 110dad1cb68483c77652bdff696cad783ff24f889a2613f1e38ec4b2d1cad19a sssd-ldap-2.11.1-2.el10_1.1.aarch64.rpm fd2a863619225d1dce7db1938f951e5320f41945272586ec50aa9973679256d7 sssd-nfs-idmap-2.11.1-2.el10_1.1.aarch64.rpm b668879e15dd1d37677cb3133405de77c4502f90e0245c5e28c45293747a75a2 sssd-passkey-2.11.1-2.el10_1.1.aarch64.rpm 49fd7aa6de97aa4c5189a267e0500f666a42a1b5e7ac493e8de9f3ec6760824d sssd-proxy-2.11.1-2.el10_1.1.aarch64.rpm 04030458198553028fd2c1c4b6f12ec52fd5b7502c5bd3b0ecc066b714568ca0 sssd-tools-2.11.1-2.el10_1.1.aarch64.rpm fe704c662537a98ce3d852402a03303318f20826bdc118f2c295a3a7a79c18b6 sssd-winbind-idmap-2.11.1-2.el10_1.1.aarch64.rpm 4f2fb4ca70f2df760583a700dbc3546a75059f5b8de8d6c46cd139714875f61f RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms kea-3.0.1-2.el10_1.aarch64.rpm fd4531cb435a9418f87a34b8f219eaa7c1865907fdcf8073319e22125bb11eda kea-libs-3.0.1-2.el10_1.aarch64.rpm e38764dd9b4d57cb1598fc5637e6bd6a45bf3c84764fadd6a611dc2bac01e824