RLSA-2025:20478 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for zziplib. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-x86-64-crb-rpms zziplib-devel-0.13.78-2.el10.x86_64.rpm dded90ba992b5dc7cdc420e29834d64807a29afec2d259a76315c689fbfdf787 RLSA-2025:20994 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms python3-ipatests-4.12.2-24.el10_1.1.noarch.rpm e46c0f2316b939a2753673afc8cf03899626e432ca8a0703d041b402dc7929ee RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms libsss_nss_idmap-devel-2.11.1-2.el10_1.1.x86_64.rpm 824c6ee45acad1a63769212f074cd0204c5974a2b1a04b9fa60f18f319850c07 RLSA-2025:21032 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945) * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms libsoup3-doc-3.6.5-3.el10_1.6.noarch.rpm d0c022c4ab0b09712fd566a0fb2a819f1cbd1612337e93b6ec1c2f0cfb0bf719 RLSA-2025:21037 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for qt6-qtsvg. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fix(es): * qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms qt6-qtsvg-examples-6.9.1-2.el10_1.1.x86_64.rpm 0c3dd71b9b6a195d422da16eb9f3939ba8fe3af79dac4fa964c35999d0f7bdb1 RLSA-2025:21034 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for bind. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778) * bind: Cache poisoning due to weak PRNG (CVE-2025-40780) * bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms bind-devel-9.18.33-10.el10_1.2.x86_64.rpm 9c25737354e0693c807fc2a6c17d7b3f68bc0143b89b87b9888c5a0c50c9c6a9 bind-doc-9.18.33-10.el10_1.2.noarch.rpm be37b7526b7d93bbf71704baf4fc945f33dc40439459b94e084e4ab9c2c71e15 RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms kea-keama-3.0.1-2.el10_1.x86_64.rpm 4c28af220294dca2ae9a039552113a3c785b8dd0ac712ef7bc1765cf8436962c RLSA-2025:21220 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-crb-rpms podman-tests-5.6.0-6.el10_1.x86_64.rpm 8892ab5ac5e10ce66eb5dd15357f73f6108177930b73400cdda55e7dd26243bb