Moderate: kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241) * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147) * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222) * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216) * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662) * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675) * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690) * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332) * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901) * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902) * kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633) * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652) * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655) * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941) * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942) * kernel: zram: fix potential UAF of zram table (CVE-2025-21671) * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680) * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693) * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691) * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696) * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702) * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732) * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795) * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456) * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987) * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014) * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988) * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570) * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004) * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742) * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743) * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989) * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015) * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796) * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786) * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005) * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013) * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777) * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738) * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986) * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726) * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791) * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020) * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984) * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761) * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771) * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981) * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977) * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790) * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741) * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785) * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765) * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006) * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012) * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750) * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072) * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061) * kernel: idpf: convert workqueues to unbound (CVE-2024-58057) * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828) * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826) * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077) * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075) * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837) * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350) * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357) * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857) * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851) * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855) * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844) * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853) * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847) * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864) * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088) * kernel: acct: perform last write from workqueue (CVE-2025-21846) * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861) * kernel: io_uring: prevent opcode speculation (CVE-2025-21863) * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976) * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056) * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749) * microcode_ctl: From CVEorg collector (CVE-2024-28956) * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994) * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116) * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412) * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369) * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-aarch64-baseos-rpms kernel-6.12.0-124.8.1.el10_1.aarch64.rpm 9a2668d99a66949164268b650306fed55a5cfdb08f83d4c060e161d83bdaab4e kernel-64k-6.12.0-124.8.1.el10_1.aarch64.rpm 881176a2984557da34e9d8bea08db536faff291efdf16aadc8a18269da99f7c0 kernel-64k-core-6.12.0-124.8.1.el10_1.aarch64.rpm b1adb1836afdee67efbff98df9b3b3d70396a742724bf8592f0afb709b1c3671 kernel-64k-debug-6.12.0-124.8.1.el10_1.aarch64.rpm 0c855461ba6dd9a41a4bb36b477d784c505bec3e29e0a49092000c36ac5b356a kernel-64k-debug-core-6.12.0-124.8.1.el10_1.aarch64.rpm 4487a7e1526167422f4e9e58139770f780a29b5cb1f024bc24282990c90f144f kernel-64k-debug-modules-6.12.0-124.8.1.el10_1.aarch64.rpm 3ebc163ab3aaa5a7b059a588b23c44ab05f6dcdadd41ea3066dfc74d256179b5 kernel-64k-debug-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm 9c05c5bfe83284abae451f884329ea822050d29e3a79834f5d2e752699b9bacd kernel-64k-debug-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 85ff5dbf8488054f1941d08141479bf1d8622cb63cc22205076ebe882b4a7ddd kernel-64k-modules-6.12.0-124.8.1.el10_1.aarch64.rpm e0f454abb186d7bd123e9e00d49a16c8cfb023668cf31460e3e550b503e04f7b kernel-64k-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm be4afa523e84569ddb0631ec7b6517fcfc9b50c6ccfe68311a4e7d2789945896 kernel-64k-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 1a1ae2caf86c308e336b048bb2b8328405088503c18456e645255ee35259ce39 kernel-abi-stablelists-6.12.0-124.8.1.el10_1.noarch.rpm cf2f27485a692bfdcd43874fea44bab7e5b99670b75801c3af24937fae25e5a1 kernel-core-6.12.0-124.8.1.el10_1.aarch64.rpm d7e1398811b8c41f786758b10efc15756d7c37893d7bf74d7dd8f3e63adceb43 kernel-debug-6.12.0-124.8.1.el10_1.aarch64.rpm 9f369d30d822b8b191bb1e24c5844342f267a68cdfd1665735aa163b84ba554e kernel-debug-core-6.12.0-124.8.1.el10_1.aarch64.rpm ebf2a61e4a94155756e7f8a5639eec79e6b2ef40dc611957d230d44243092a55 kernel-debuginfo-common-aarch64-6.12.0-124.8.1.el10_1.aarch64.rpm 609a1f876f7375ba4bc57f764528567f7dbcfaa7d102c22984dbda2fed74c9b0 kernel-debug-modules-6.12.0-124.8.1.el10_1.aarch64.rpm 104315517f8cd07e491c303f5b5e23eb454727b2c67ff78dd05b9eb35e132810 kernel-debug-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm b73b7128e9e7562b47ebc86e81797d8976a5419ee3f18797861874ed5b1f92bb kernel-debug-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 0919d8640de59f9381936657807584143a9a32aeec875608c4974d5ecda24aa6 kernel-modules-6.12.0-124.8.1.el10_1.aarch64.rpm 19df98ff04a1a53bbff886888600f10ece348949ef8a01579593a45f9d5732ef kernel-modules-core-6.12.0-124.8.1.el10_1.aarch64.rpm caa03c84b639cced94f85e045f8cb595c6c7830144b7fd8f75a76ddbe82347d4 kernel-modules-extra-6.12.0-124.8.1.el10_1.aarch64.rpm 42a8dd666ca787beaf51d0f879868a4d6ed4b7e3836bdccd3ea462065648e3f2 kernel-modules-extra-matched-6.12.0-124.8.1.el10_1.aarch64.rpm dd8d11d17eade064dabd4331b141462d4e9b5a88dea62aea12634c53dcb3dc92 kernel-tools-6.12.0-124.8.1.el10_1.aarch64.rpm 02fd174e907ec9aac8dfb67228ab817a815fd29d5f25b87207f91ff65d2a0e07 kernel-tools-libs-6.12.0-124.8.1.el10_1.aarch64.rpm f237a25af87097b03822fbb2f7d8a05662f281c81df946a37e236279cdfc5a84 kernel-uki-virt-6.12.0-124.8.1.el10_1.aarch64.rpm d360d5a40fe808d9a52643f6c5aa1e9d9b187468457abca7392e30ee4d9ae0fd kernel-uki-virt-addons-6.12.0-124.8.1.el10_1.aarch64.rpm 1ce40e950cc3220b2ccdf6252137e7897a6f91ee51340805f442b878fb3c2470 RLSA-2025:21248 Moderate: openssl security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms openssl-3.5.1-4.el10_1.aarch64.rpm af30bf1ce4fa949232db5cd7821af5cd9a5f2470f1db2be9c83d4f1e3758e9f7 openssl-libs-3.5.1-4.el10_1.aarch64.rpm 78c5e52f8ad1ea18a7398e5f89395e04111519603083b0e8a2115f03abf30e12 RLSA-2025:21931 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730) * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms kernel-6.12.0-124.13.1.el10_1.aarch64.rpm eb204f732a0cff7d906ff54da962f24f6793769716fe7aa4085436c0da4002fd kernel-64k-6.12.0-124.13.1.el10_1.aarch64.rpm 5dc71ff142efc97cff708a0a65f4b3e68bf8734c356e3153f09871d443c583a8 kernel-64k-core-6.12.0-124.13.1.el10_1.aarch64.rpm a40423fdb1bc90d10be5e0ac851e4a33bd2ca3fc7f61dde631dac89971612c6a kernel-64k-debug-6.12.0-124.13.1.el10_1.aarch64.rpm f0f54f9187a46ba5697a5a4140e3aa744cbaf453451c38379f2ff34de8e727b2 kernel-64k-debug-core-6.12.0-124.13.1.el10_1.aarch64.rpm 678887c1be816f9e55006e92ea1194b2b184a5b32efc6d2e46d3ad697698ad77 kernel-64k-debug-modules-6.12.0-124.13.1.el10_1.aarch64.rpm 01bf56a019ee142bcda89bb47d286ee5aee8374278c052bb2d03e26db988fb84 kernel-64k-debug-modules-core-6.12.0-124.13.1.el10_1.aarch64.rpm ed590f6c80f7c2b6f5eb1cac7b754dda23e7e4af1aa898195489e95e401ee0bd kernel-64k-debug-modules-extra-6.12.0-124.13.1.el10_1.aarch64.rpm f6b6c829f472a8a2482749e616af70b08e2bc7634d6e2d23d554aaafe1447b39 kernel-64k-modules-6.12.0-124.13.1.el10_1.aarch64.rpm 5657e990a4140ec15cde37b8dfdc4ed5ae891fa8bf5a7e2e3690131575c99889 kernel-64k-modules-core-6.12.0-124.13.1.el10_1.aarch64.rpm 6ad55a48cfd2e0a88bbbaf55b5a412f0f9a003bb2ba21151d56f98945c0df669 kernel-64k-modules-extra-6.12.0-124.13.1.el10_1.aarch64.rpm 412ae254b93b70b83ee27b87b44ae431ab1a1b098cff94472ea6baa44d8e50e3 kernel-abi-stablelists-6.12.0-124.13.1.el10_1.noarch.rpm 636c0acfab2af6d3ccf248a3393f7315d1d07c409a51148a4e31c720371b34f2 kernel-core-6.12.0-124.13.1.el10_1.aarch64.rpm 5664b162c0f07262907411a0f78424209a70d10d2682842ed3aa52afc4f2c685 kernel-debug-6.12.0-124.13.1.el10_1.aarch64.rpm d5147267102513c25cad65fbc0d0b088d9035f587315315c95f97d10b2aedfdc kernel-debug-core-6.12.0-124.13.1.el10_1.aarch64.rpm b3a9b9fe40f2cbfbcbdc1f801250ab9c730a1e0a50abb8b6d28dfb52a7671630 kernel-debuginfo-common-aarch64-6.12.0-124.13.1.el10_1.aarch64.rpm bbedfb2a4a2e6fb3ce83ad6f62af08dfd03a423a0ed45802bb28c882a7efc492 kernel-debug-modules-6.12.0-124.13.1.el10_1.aarch64.rpm 01e100e1d999f7f6e9af86f60829f2f72c02b6b17e8984cb7951d695fafcc207 kernel-debug-modules-core-6.12.0-124.13.1.el10_1.aarch64.rpm 6e874e82835818f18cc1315e7d8c2f8df6d2cb1be356433d3be00802c71df077 kernel-debug-modules-extra-6.12.0-124.13.1.el10_1.aarch64.rpm 1df408b533cb80c2a55047fbfdffa6f891238472b2a447ae16e319efb225bbc9 kernel-modules-6.12.0-124.13.1.el10_1.aarch64.rpm 46428f67e824f02858113580e83a56dcf79ca3503ba80fbc0e87378bd1df20ed kernel-modules-core-6.12.0-124.13.1.el10_1.aarch64.rpm 4317d20af911c71b906b9f075a232463b678f3a838b37cec352de8aafb633015 kernel-modules-extra-6.12.0-124.13.1.el10_1.aarch64.rpm 29ddf254062e51a2089a8b9653f0c694af425e158f488a631c494368d72bc6f9 kernel-modules-extra-matched-6.12.0-124.13.1.el10_1.aarch64.rpm a39eb99b060545f6cd803c8efcad45f2a552fc754c2ef550aea182c42115d617 kernel-tools-6.12.0-124.13.1.el10_1.aarch64.rpm b2624632a6037afb16197a135789a813b579346c4a2dd85717710095e836f95e kernel-tools-libs-6.12.0-124.13.1.el10_1.aarch64.rpm b8fb28f1a1da512401b7324281b7fdea4f7e5c5410f8db5f12047d00daec2c23 kernel-uki-virt-6.12.0-124.13.1.el10_1.aarch64.rpm 58e03976e1c0328c99fd5c273a6efa714b015921fe4847a62604af56618b1faa kernel-uki-virt-addons-6.12.0-124.13.1.el10_1.aarch64.rpm c2e95b3895d83d1703147ad275bb132f992dc2665facf3d42dbaddb652137e76 RLSA-2025:21020 Important: sssd security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.aarch64.rpm 941ca8d71997f5ffaa107710745eacc4ed5c7651d206059a2ddb448d5944142a libsss_autofs-2.11.1-2.el10_1.1.aarch64.rpm dff0d8c38b1eeb9894227036a221e12f464a3b2e34dbec77ce6667c8d1c7d5c4 libsss_certmap-2.11.1-2.el10_1.1.aarch64.rpm c91dc6659f85bd0258bd0f36c6653426143463a42154fc2a42829c05c723ce93 libsss_idmap-2.11.1-2.el10_1.1.aarch64.rpm 788a60e427ef1eb4b51d6223b84e16eb544dfe188876d06d2c061387eedc7701 libsss_nss_idmap-2.11.1-2.el10_1.1.aarch64.rpm 755da0f9abd73c8a644ce8e8400c9159814a7f46bffb543e6007163b51a41074 libsss_sudo-2.11.1-2.el10_1.1.aarch64.rpm 1eb186711514bb265269c2e45fc481c63a61b57021eeac90fec78a2a98a2317f python3-libipa_hbac-2.11.1-2.el10_1.1.aarch64.rpm 69cea129ca7460ed7d08df35e1ab9eb524c1fd30ca95e7b9ac4466d64309f220 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.aarch64.rpm bfb7d56ba957d99f4f7b0bb1c8ff7c06c0b35720f36ccc9b826aa06d98b26e8e python3-sss-2.11.1-2.el10_1.1.aarch64.rpm 78be8ed08d77e049a23bcceda35bced6dba5499ad78cc4b592311c3756811a3b python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.aarch64.rpm d61549f207be57832034430c647a820939650efec19a430aa90aee2697ee7eb9 sssd-2.11.1-2.el10_1.1.aarch64.rpm a80176a9696b33e72ed7fb723a69f2f6255653bc9e5a65cddf8aa18759be42b4 sssd-ad-2.11.1-2.el10_1.1.aarch64.rpm 4c6f2cdf7c9779106464886fcfa9fc2245d4acc4038b1e071d91867a2ab416dc sssd-client-2.11.1-2.el10_1.1.aarch64.rpm eefb8b15e2c31401921842b0958717828fd002e0abc55899de7bf7248d523056 sssd-common-2.11.1-2.el10_1.1.aarch64.rpm 9673e4104ef5e17cace33f01475b0fbf431ae333c9b2a031001c16d82a93e5fe sssd-common-pac-2.11.1-2.el10_1.1.aarch64.rpm c2d94c25b1edcea1c4442dccdc9e26801a9abf2c7f2270f5cab18ff2fb71eab9 sssd-dbus-2.11.1-2.el10_1.1.aarch64.rpm a5900e14aadc48feb6259b14171c720dd89e98a307679683189d3c8b2820a036 sssd-ipa-2.11.1-2.el10_1.1.aarch64.rpm da60b5f2e51da3d483c454e435ec0d5ba3dc05eb9f109654b11497492566ef3b sssd-kcm-2.11.1-2.el10_1.1.aarch64.rpm d6419c2fcc6517706fd57f7d32e9c7f53fed13cebc70aef59f34339ef59468e8 sssd-krb5-2.11.1-2.el10_1.1.aarch64.rpm e76db9a0e6e1149d80d80dfb92cb8e1f4c11b6166641d1e4293b94ad2c8cfa41 sssd-krb5-common-2.11.1-2.el10_1.1.aarch64.rpm 110dad1cb68483c77652bdff696cad783ff24f889a2613f1e38ec4b2d1cad19a sssd-ldap-2.11.1-2.el10_1.1.aarch64.rpm fd2a863619225d1dce7db1938f951e5320f41945272586ec50aa9973679256d7 sssd-nfs-idmap-2.11.1-2.el10_1.1.aarch64.rpm b668879e15dd1d37677cb3133405de77c4502f90e0245c5e28c45293747a75a2 sssd-passkey-2.11.1-2.el10_1.1.aarch64.rpm 49fd7aa6de97aa4c5189a267e0500f666a42a1b5e7ac493e8de9f3ec6760824d sssd-proxy-2.11.1-2.el10_1.1.aarch64.rpm 04030458198553028fd2c1c4b6f12ec52fd5b7502c5bd3b0ecc066b714568ca0 sssd-tools-2.11.1-2.el10_1.1.aarch64.rpm fe704c662537a98ce3d852402a03303318f20826bdc118f2c295a3a7a79c18b6 sssd-winbind-idmap-2.11.1-2.el10_1.1.aarch64.rpm 4f2fb4ca70f2df760583a700dbc3546a75059f5b8de8d6c46cd139714875f61f RLSA-2025:21038 Important: kea security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-aarch64-baseos-rpms kea-3.0.1-2.el10_1.aarch64.rpm fd4531cb435a9418f87a34b8f219eaa7c1865907fdcf8073319e22125bb11eda kea-libs-3.0.1-2.el10_1.aarch64.rpm e38764dd9b4d57cb1598fc5637e6bd6a45bf3c84764fadd6a611dc2bac01e824