Moderate: kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241) * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147) * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222) * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216) * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662) * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675) * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690) * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332) * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901) * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902) * kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633) * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652) * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655) * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941) * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942) * kernel: zram: fix potential UAF of zram table (CVE-2025-21671) * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680) * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693) * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691) * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696) * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702) * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732) * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795) * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456) * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987) * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014) * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988) * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570) * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004) * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742) * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743) * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989) * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015) * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796) * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786) * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005) * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013) * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777) * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738) * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986) * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726) * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791) * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020) * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984) * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761) * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771) * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981) * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977) * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790) * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741) * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785) * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765) * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006) * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012) * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750) * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072) * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061) * kernel: idpf: convert workqueues to unbound (CVE-2024-58057) * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828) * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826) * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077) * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075) * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837) * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350) * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357) * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857) * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851) * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855) * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844) * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853) * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847) * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864) * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088) * kernel: acct: perform last write from workqueue (CVE-2025-21846) * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861) * kernel: io_uring: prevent opcode speculation (CVE-2025-21863) * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976) * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056) * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749) * microcode_ctl: From CVEorg collector (CVE-2024-28956) * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994) * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116) * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412) * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369) * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-s390x-baseos-rpms kernel-6.12.0-124.8.1.el10_1.s390x.rpm 86f391b49ec281ee4a8c607516aa07eeb858284f7338518ea6b612826db30da2 kernel-abi-stablelists-6.12.0-124.8.1.el10_1.noarch.rpm cf2f27485a692bfdcd43874fea44bab7e5b99670b75801c3af24937fae25e5a1 kernel-core-6.12.0-124.8.1.el10_1.s390x.rpm a6051f0009b3dbb723b5f255cad6712cb7466869ab62da09531095e612a97bd9 kernel-debug-6.12.0-124.8.1.el10_1.s390x.rpm 988f696aca162e018f69a0212172c0b98f8bd078f285f686aebd8a32934de783 kernel-debug-core-6.12.0-124.8.1.el10_1.s390x.rpm 5e3c34686399107acfec3416f585014c0e6e30b588f71413e6ba7ee27bb5bc9e kernel-debuginfo-common-s390x-6.12.0-124.8.1.el10_1.s390x.rpm 838018eb14596d9cc88689c51278d3237cdd4f61fe7fddfe2821ca5abee6a740 kernel-debug-modules-6.12.0-124.8.1.el10_1.s390x.rpm 9ee88b6d40ea2a6e23c0f6ba50cb7981f570c3587672d19b9c218c6d7b4b87bb kernel-debug-modules-core-6.12.0-124.8.1.el10_1.s390x.rpm 55aa731130af95bbf344e21fd93a1ee2c8ec1da91266318b316b1564a8f6ed97 kernel-debug-modules-extra-6.12.0-124.8.1.el10_1.s390x.rpm 0511d06e7f499494eacb495490f1f135c26296dff6c6c2bb550759867039062d kernel-modules-6.12.0-124.8.1.el10_1.s390x.rpm 80abe56299376bc919e641f9a8c473be8b08568ec18832e100e748fc44d719bf kernel-modules-core-6.12.0-124.8.1.el10_1.s390x.rpm 24a44223057f39e64693814d632a0502d9d01df1e513112ef455a3bc8848e700 kernel-modules-extra-6.12.0-124.8.1.el10_1.s390x.rpm 3e077c8d4f28017689e08fa9fe7ab8fb7bb5fb0d997d96f658874bf17ffd3df3 kernel-modules-extra-matched-6.12.0-124.8.1.el10_1.s390x.rpm 812ed515dd8816d55e09bfb8acd6357da1748969d4ffbccb9d677c321dd90344 kernel-tools-6.12.0-124.8.1.el10_1.s390x.rpm 1a7585fb1bde2fb5f8db62590215352da8530596ee626c8d2ecd968f755d7999 kernel-zfcpdump-6.12.0-124.8.1.el10_1.s390x.rpm 47857f3c3a2cce620f7b352d48b5f7734fc72b58f487a46d52aa47973ecd59d6 kernel-zfcpdump-core-6.12.0-124.8.1.el10_1.s390x.rpm feef32875ebeef39bb1d705b613ea5716488543f6cb2a9149f4820dc5b84d31f kernel-zfcpdump-modules-6.12.0-124.8.1.el10_1.s390x.rpm 67e2758976399cb62ac493ce3d3fb77ffa4d3a6a943c2d7ce464f851c3a4eff8 kernel-zfcpdump-modules-core-6.12.0-124.8.1.el10_1.s390x.rpm 21a04aa51434c9a5338dd8958610be7e63e5e8fcbce871a77c743d4c92df9143 kernel-zfcpdump-modules-extra-6.12.0-124.8.1.el10_1.s390x.rpm 717a7b1caca2ac9fbfc4391464027afccfd45f354fabd11085aba3d3b9ff0de9 RLSA-2025:21248 Moderate: openssl security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-baseos-rpms openssl-3.5.1-4.el10_1.s390x.rpm 4b6fb80afa18d4753b12b1f9c074aa08b8dc983060d14548517efe8acc254d36 openssl-libs-3.5.1-4.el10_1.s390x.rpm f74908bfd0976bf27f91fc99b34aec125aa24498bbae6f2deb53956c80774c7f RLSA-2025:21931 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730) * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-baseos-rpms kernel-6.12.0-124.13.1.el10_1.s390x.rpm 395fc30f2b813151e8cf3772617ca1afef85f1ee10f4a1776c4d5a40e52cec56 kernel-abi-stablelists-6.12.0-124.13.1.el10_1.noarch.rpm 636c0acfab2af6d3ccf248a3393f7315d1d07c409a51148a4e31c720371b34f2 kernel-core-6.12.0-124.13.1.el10_1.s390x.rpm 4458237624775798451fbc0e7c5ebabbb64ee746f8a183ee6c46883a899bb3b3 kernel-debug-6.12.0-124.13.1.el10_1.s390x.rpm 992e64b6d475695288c652729c87b3de68dbcf5688dd8205639d62e0170003f6 kernel-debug-core-6.12.0-124.13.1.el10_1.s390x.rpm 2416984f09ab29cd47b6c6d452d5eafbcb4187b77d6ccdf63d99edec49044b46 kernel-debuginfo-common-s390x-6.12.0-124.13.1.el10_1.s390x.rpm 10320ce25ffeb511739730b54a7511f8c76e6ace4f0324993f9da08cd27f20d3 kernel-debug-modules-6.12.0-124.13.1.el10_1.s390x.rpm 73d2d87b0b1a6ae76562d74c4bb5bdf206c2a79cf558cd16d27e9716257df665 kernel-debug-modules-core-6.12.0-124.13.1.el10_1.s390x.rpm dd93f7194069b849c0b2840a5db0b1414341b89332c9dbfab247d75c18c66940 kernel-debug-modules-extra-6.12.0-124.13.1.el10_1.s390x.rpm 5d85066e1ac55cf07e1c30f1104b4ff7c3f59ab717a9f000dee95c2a1f51dd51 kernel-modules-6.12.0-124.13.1.el10_1.s390x.rpm ce74adf2b3ae25fc48e64ad0a5dc88124c25fbf9312ce12702f92a541b746b75 kernel-modules-core-6.12.0-124.13.1.el10_1.s390x.rpm f360b7f6bcf12b48986e500bbe9decd7488f044a469ad134f7b42905cffcabae kernel-modules-extra-6.12.0-124.13.1.el10_1.s390x.rpm 9fac84fedb058ed4585d131c3e08c929471ea76fd5e29a497a1eabddc986354b kernel-modules-extra-matched-6.12.0-124.13.1.el10_1.s390x.rpm 27151a735199c760e086a8a61a03652b05ba0f86f2a83ad57e53a1cd42869654 kernel-tools-6.12.0-124.13.1.el10_1.s390x.rpm 2a313f25bc01bf5e8b56bb290c9b8545998c5d575050c56857c08dd3796d14bf kernel-zfcpdump-6.12.0-124.13.1.el10_1.s390x.rpm ef329c049918f6bbe0fecc09aa42e0c9220575863e08e9c41f7199d9fbaae7f2 kernel-zfcpdump-core-6.12.0-124.13.1.el10_1.s390x.rpm d45dc0b43ff2dd323d234dde3ad4a1c5cb6a4b2147be65b345ce2a736098299b kernel-zfcpdump-modules-6.12.0-124.13.1.el10_1.s390x.rpm 6515734923b36586eb2e5be5c1350961c00cea0d30fe39672933c05a200e9967 kernel-zfcpdump-modules-core-6.12.0-124.13.1.el10_1.s390x.rpm 2dcd12d2793d5e4af11513c1648543d773dff2a6cdab283ceb9eef06a633efef kernel-zfcpdump-modules-extra-6.12.0-124.13.1.el10_1.s390x.rpm b6c1d8e883021686decb93859229a8d830e1ff26a617f5fa4c7c3950ba1408d2 RLSA-2025:20145 Low: shadow-utils security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Low

An update is available for shadow-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fix(es): * shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-s390x-baseos-rpms shadow-utils-4.15.0-8.el10.s390x.rpm 6e2b6fc01635372579b9906d4a6e323f568366c719e0cc273d8544fdf6824b8b shadow-utils-subid-4.15.0-8.el10.s390x.rpm 31c4d9dc7d1b7c5a2ce59a80c6aff986a84f46c5b7b09a035d40e44b250bb232 RLSA-2025:21020 Important: sssd security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.s390x.rpm 4deb8d7f72770c1f520781aafe75080ec275b67b4ac995a7c4d991d8579ef51a libsss_autofs-2.11.1-2.el10_1.1.s390x.rpm 0f11a0c6580a31ed433963a8282ee6187b8adb5bb83c672fc945e5c50a4c75f3 libsss_certmap-2.11.1-2.el10_1.1.s390x.rpm fd1f59dfbce1d30fcd58f7ed73519c2bbe4abacc207f896ee201f66819d45fb4 libsss_idmap-2.11.1-2.el10_1.1.s390x.rpm 14d7d0246e6b6e623b9c00d6da19a9be5b5e53c12952a4a4e7d7101ffd7afa3e libsss_nss_idmap-2.11.1-2.el10_1.1.s390x.rpm 5cdc31e23ea28fee77a12a2d40cc73de53f9cc49f14181d9a529de86d7adc829 libsss_sudo-2.11.1-2.el10_1.1.s390x.rpm 980e9e1b1e374e52800a7724712927634a3c7c443bb15db9f05a91c0e00bca86 python3-libipa_hbac-2.11.1-2.el10_1.1.s390x.rpm 1faa4d707e479b35550a3671c1f34c7d852690bb2d7cad15a08638c7f5d13444 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.s390x.rpm ac2b1b4b8652794db8e1ec33d5d407a49ac08c36ca857ac2800d87e1a4233351 python3-sss-2.11.1-2.el10_1.1.s390x.rpm 29c5974a466b5a8458e7b3b6275f06c3a264631cba630f5942a3a7a0735201ec python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.s390x.rpm e5f75ecd06643c818032e3fb7885bfac973234a2236d7d0b38ac2f99998f2823 sssd-2.11.1-2.el10_1.1.s390x.rpm 0d2bead1d66092cc0c715f774b123c98dfd4e59e96db323dd3400795727fbdc9 sssd-ad-2.11.1-2.el10_1.1.s390x.rpm 97d170338159ac72cc9932cc78507f372edbd9bc5ff20e5c168492abb713672c sssd-client-2.11.1-2.el10_1.1.s390x.rpm 6709bdd4d6d3f45608e9c7ceffc1e50da90481b48efe12e22b0e837371942eb4 sssd-common-2.11.1-2.el10_1.1.s390x.rpm feae2b7758e18fab95635b3af75fca4ba2cd6dd13ab86fd43ef6271a79942972 sssd-common-pac-2.11.1-2.el10_1.1.s390x.rpm 37bc36d27624bb55c98367e43452f86679133c3a7e8013ad9228a3f93de0c188 sssd-dbus-2.11.1-2.el10_1.1.s390x.rpm dd8da8a2791ba447997dde70b0493903131665c6e08e46d9f81c846f34550446 sssd-ipa-2.11.1-2.el10_1.1.s390x.rpm d7993d06996f7f6482fbbf342fbc2597b42229fbdd2ccf4abf7a8dfb501e44a2 sssd-kcm-2.11.1-2.el10_1.1.s390x.rpm 1c6cd681c744cd1a03c7433a122a5e106eb2d80629e87793f5bf1fa71ae2624b sssd-krb5-2.11.1-2.el10_1.1.s390x.rpm f5df1b2daa5309db230b9b4555d59a6e0664de80891735a586d9a00307dd09bc sssd-krb5-common-2.11.1-2.el10_1.1.s390x.rpm 26f1234ee1d9afa7e5d14e12241a4b31d0098e5cb9dfb969b55a3815c458aa17 sssd-ldap-2.11.1-2.el10_1.1.s390x.rpm 924caa072e8fd3a1a2dd977ea2b5b363a95ea1985d4890fde0c345d5534ae3b3 sssd-nfs-idmap-2.11.1-2.el10_1.1.s390x.rpm 85459fa8676112903c2bebc781e9b6ee9d60f7ac3b349e357af1a6664985598e sssd-passkey-2.11.1-2.el10_1.1.s390x.rpm c6165a302c6dc5c6965c550cd549ce7553cda1e1c53da4bb9d26e3cc8ce496bf sssd-proxy-2.11.1-2.el10_1.1.s390x.rpm 9f83f907deafeb32fa473b1dd6c96d78e80199beacef9b06123b980b28a1746a sssd-tools-2.11.1-2.el10_1.1.s390x.rpm e04f28bf097823c343c121f89c41caa2355e18ff0892e7bea505267015bc43b8 sssd-winbind-idmap-2.11.1-2.el10_1.1.s390x.rpm f1b7917c68b21d358765d464cb4f5188b3716e48e1cdbc736c1c4c300f6598db RLSA-2025:21038 Important: kea security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-baseos-rpms kea-3.0.1-2.el10_1.s390x.rpm 224f5d4ffed14563aa758aef5346d45a4d2708d34502507698d20cad8d3b0443 kea-libs-3.0.1-2.el10_1.s390x.rpm ffe36dff80458d2a929537d8b084c13e6992df271fe6b2b2a2db63bfa5e0ef3d