Описание
ELSA-2025-17129: idm:DL1 security update (IMPORTANT)
bind-dyndb-ldap [11.6-6]
- Fix rpminspect warnings Resolves: RHEL-22497
custodia ipa [4.9.13-20.0.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
[4.9.13-20]
- Refactor ipatests for unique krbcanonicalname Resolves: RHEL-110061
[4.9.13-19]
- Enforce uniqueness across krbprincipalname and krbcanonicalname ipa-kdb: enforce PAC presence on TGT for TGS-REQ ipatests: extend test for unique krbcanonicalname Resolves: RHEL-110061
ipa-healthcheck opendnssec [2.1.7-2]
- Don't creat /var/run/opendnssec directory
- Resolves: RHEL-12163
python-jwcrypto python-kdcproxy [0.4-5.1]
- Log KDC timeout only once per request Resolves: RHEL-68634
python-qrcode python-yubico pyusb slapi-nis softhsm
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module idm:DL1 is enabled
bind-dyndb-ldap
11.6-6.module+el8.10.0+90553+1bd85afa
custodia
0.6.0-3.module+el8.9.0+90094+20819f5a
ipa-client
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-client-common
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-client-epn
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-client-samba
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-common
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-healthcheck
0.12-6.module+el8.10.0+90676+16d53ab4
ipa-healthcheck-core
0.12-6.module+el8.10.0+90676+16d53ab4
ipa-python-compat
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-selinux
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server-common
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server-dns
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server-trust-ad
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
opendnssec
2.1.7-2.module+el8.10.0+90553+1bd85afa
python3-custodia
0.6.0-3.module+el8.9.0+90094+20819f5a
python3-ipaclient
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-ipalib
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-ipaserver
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-ipatests
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-jwcrypto
0.5.0-2.module+el8.10.0+90573+7d6bd8da
python3-kdcproxy
0.4-5.module+el8.10.0+90553+1bd85afa.1
python3-pyusb
1.0.0-9.1.module+el8.9.0+90094+20819f5a
python3-qrcode
5.3-1.module+el8.10.0+90676+16d53ab4
python3-qrcode-core
5.3-1.module+el8.10.0+90676+16d53ab4
python3-yubico
1.3.2-9.1.module+el8.9.0+90094+20819f5a
slapi-nis
0.60.0-4.module+el8.10.0+90297+bfe93ccc
softhsm
2.6.0-5.module+el8.9.0+90094+20819f5a
softhsm-devel
2.6.0-5.module+el8.9.0+90094+20819f5a
Oracle Linux x86_64
Module idm:DL1 is enabled
bind-dyndb-ldap
11.6-6.module+el8.10.0+90553+1bd85afa
custodia
0.6.0-3.module+el8.9.0+90094+20819f5a
ipa-client
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-client-common
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-client-epn
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-client-samba
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-common
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-healthcheck
0.12-6.module+el8.10.0+90676+16d53ab4
ipa-healthcheck-core
0.12-6.module+el8.10.0+90676+16d53ab4
ipa-python-compat
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-selinux
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server-common
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server-dns
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
ipa-server-trust-ad
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
opendnssec
2.1.7-2.module+el8.10.0+90553+1bd85afa
python3-custodia
0.6.0-3.module+el8.9.0+90094+20819f5a
python3-ipaclient
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-ipalib
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-ipaserver
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-ipatests
4.9.13-20.0.1.module+el8.10.0+90676+16d53ab4
python3-jwcrypto
0.5.0-2.module+el8.10.0+90573+7d6bd8da
python3-kdcproxy
0.4-5.module+el8.10.0+90553+1bd85afa.1
python3-pyusb
1.0.0-9.1.module+el8.9.0+90094+20819f5a
python3-qrcode
5.3-1.module+el8.10.0+90676+16d53ab4
python3-qrcode-core
5.3-1.module+el8.10.0+90676+16d53ab4
python3-yubico
1.3.2-9.1.module+el8.9.0+90094+20819f5a
slapi-nis
0.60.0-4.module+el8.10.0+90297+bfe93ccc
softhsm
2.6.0-5.module+el8.9.0+90094+20819f5a
softhsm-devel
2.6.0-5.module+el8.9.0+90094+20819f5a
Связанные CVE
Связанные уязвимости
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
A privilege escalation flaw from host to domain administrator was foun ...
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.