RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-ppc64le-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.ppc64le.rpm f13c2c7dbcf1cab904e1d3b57c39d29b49d2b7c74803c1eda212481be881eaf3 libsss_autofs-2.11.1-2.el10_1.1.ppc64le.rpm 2c6e7b93ebc8b3b0774fd6f222ee331313f37ad5624b31da978f3d20f41841da libsss_certmap-2.11.1-2.el10_1.1.ppc64le.rpm 1bf8b2924e823142954d0085743541d7a2b829ea750a2105baa963ea2a31b963 libsss_idmap-2.11.1-2.el10_1.1.ppc64le.rpm d1e03a69a780c617391c7038682dbdfe81f7868b55ef133e27dfe161b11c1d75 libsss_nss_idmap-2.11.1-2.el10_1.1.ppc64le.rpm 42452353ff4d1931e35b65f8387974fea90ee0e0fc9d12b1f131f225f8704a1c libsss_sudo-2.11.1-2.el10_1.1.ppc64le.rpm 5db786bcafd004d8b5210c8054c5eeb1dd5762fd72aad4b1e4a12f970ebd84c8 python3-libipa_hbac-2.11.1-2.el10_1.1.ppc64le.rpm 049cff0e7f8c017446e6b85f4b32b93e5988934d02c26a66ce70d8d14f17c87d python3-libsss_nss_idmap-2.11.1-2.el10_1.1.ppc64le.rpm 9cd2803bda5bc694bd0ea25da33c087954175d51be8d8f1d96f271e4f05593bd python3-sss-2.11.1-2.el10_1.1.ppc64le.rpm 90a09aa30ca5d89365d646fc204db3ccd79406ad64ce8708e5a8046151e00089 python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.ppc64le.rpm 9edb8bc33e68f428f167cd5887dc5805815c017e7f8ce88f53b8dba9b918ac79 sssd-2.11.1-2.el10_1.1.ppc64le.rpm 447649cd26ff1fd95b9bb27695d5ad0985b0de1502e788f698c73d4b01790b0d sssd-ad-2.11.1-2.el10_1.1.ppc64le.rpm 524dd49f72d9831f7c975ab066ae6f7691d57b29a885a7235a9768737afd9ae8 sssd-client-2.11.1-2.el10_1.1.ppc64le.rpm 539a9497f05088afd124e2a3461063e20391387b4513b8917baa69ace45721e0 sssd-common-2.11.1-2.el10_1.1.ppc64le.rpm 3a20a07cf18521e2de4f52decd3f1e7fefeb429e05470a26c2a6dc9f70b3ff35 sssd-common-pac-2.11.1-2.el10_1.1.ppc64le.rpm e3b44229da95545017e17b36fb8853309b140e50a5c7fd30aa8a2fc8cc2b6133 sssd-dbus-2.11.1-2.el10_1.1.ppc64le.rpm 759ebed303a71d400897a2386e42be0345aff061a24106bf8aa7e08c562d120b sssd-ipa-2.11.1-2.el10_1.1.ppc64le.rpm 439382032170e983adee8def08c4724f2f6e7c50a5e396f2b8b9cf5a56dd72ca sssd-kcm-2.11.1-2.el10_1.1.ppc64le.rpm 4328e2b80f2b9f42e0b73902b9ae67b0ea09df032cfe60ab11fca9e4dcf29fca sssd-krb5-2.11.1-2.el10_1.1.ppc64le.rpm 43d763488385be0afde5402fd663f3ea9e46d7d1af731d54e2f688d356fdda54 sssd-krb5-common-2.11.1-2.el10_1.1.ppc64le.rpm 0f5a1e3e76bc76e1f40072938c44390453615c0c525d1670810765e2a26210e6 sssd-ldap-2.11.1-2.el10_1.1.ppc64le.rpm cec8388851566c003eac0d35bd2901bdd0949b7691e850ee33cf694131883899 sssd-nfs-idmap-2.11.1-2.el10_1.1.ppc64le.rpm b0afa01dcbac34322a4e38a8205b7bfc03a41b3b2ead48daa77f40d2fee904d8 sssd-passkey-2.11.1-2.el10_1.1.ppc64le.rpm fc27025a9ee7a8de3d4d9c21258119bda1f53806797ec5b5f37b8471bad7ef20 sssd-proxy-2.11.1-2.el10_1.1.ppc64le.rpm debfcef838c23d8a96b2b3866be2dfdd65bc5a8262f8de681cd37f0ddb896700 sssd-tools-2.11.1-2.el10_1.1.ppc64le.rpm d49f0e11cccf44548819af32abd06e082ec93a3ad3a4fc1565a7290ddd37c848 sssd-winbind-idmap-2.11.1-2.el10_1.1.ppc64le.rpm 93e05600f18a921c99e2a3e8044c9626e358cb3956e68a87b68c826c6dbc5978 RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-ppc64le-baseos-rpms kea-3.0.1-2.el10_1.ppc64le.rpm 6631f25acb1168d6d93ff1f3eb2afd83d31dc9e4b0e97078f76a1820f38491bc kea-libs-3.0.1-2.el10_1.ppc64le.rpm 6e2da48d24684ccf8d2c18630a52d8facac20b9977f0c89f99d90d4d5e2a6f3d