[Apollo] Advisories Statistics light light Login

RLSA-2025:21140

Security Mirrored from RHSA-2025:21140
Issued at: 2025-11-27
Updated at: 2025-12-07

Synopsis

Important: idm:DL1 security update



Description

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)

* python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2393955 2393958

CVEs

CVE-2025-59088 CVE-2025-59089

Affected packages

Rocky Linux 8 aarch64 - AppStream

bind-dyndb-ldap-0:11.6-6.module+el8.10.0+1960+1ed527b3.aarch64.rpm bind-dyndb-ldap-0:11.6-6.module+el8.10.0+1960+1ed527b3.src.rpm bind-dyndb-ldap-debuginfo-0:11.6-6.module+el8.10.0+1960+1ed527b3.aarch64.rpm bind-dyndb-ldap-debugsource-0:11.6-6.module+el8.10.0+1960+1ed527b3.aarch64.rpm custodia-0:0.6.0-3.module+el8.9.0+1371+ffa84eb9.noarch.rpm custodia-0:0.6.0-3.module+el8.9.0+1371+ffa84eb9.src.rpm ipa-0:4.9.13-20.module+el8.10.0+2066+d74ade98.src.rpm ipa-0:4.9.13-20.module+el8.10.0+2067+377bdd64.src.rpm ipa-client-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-client-0:4.9.13-20.module+el8.10.0+2067+377bdd64.aarch64.rpm ipa-client-common-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-client-common-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-client-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-client-debuginfo-0:4.9.13-20.module+el8.10.0+2067+377bdd64.aarch64.rpm ipa-client-epn-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-client-epn-0:4.9.13-20.module+el8.10.0+2067+377bdd64.aarch64.rpm ipa-client-samba-0:4.9.13-20.module+el8.10.0+2067+377bdd64.aarch64.rpm ipa-client-samba-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-common-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-common-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-debuginfo-0:4.9.13-20.module+el8.10.0+2067+377bdd64.aarch64.rpm ipa-debugsource-0:4.9.13-20.module+el8.10.0+2067+377bdd64.aarch64.rpm ipa-debugsource-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-healthcheck-0:0.12-6.module+el8.10.0+2054+aa003774.noarch.rpm ipa-healthcheck-0:0.12-6.module+el8.10.0+2053+a0a9dc19.src.rpm ipa-healthcheck-0:0.12-6.module+el8.10.0+2054+aa003774.src.rpm ipa-healthcheck-core-0:0.12-6.module+el8.10.0+2053+a0a9dc19.noarch.rpm ipa-healthcheck-core-0:0.12-6.module+el8.10.0+2054+aa003774.noarch.rpm ipa-python-compat-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-python-compat-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-selinux-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-selinux-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-server-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-server-common-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-server-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-server-dns-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-server-trust-ad-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm ipa-server-trust-ad-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.aarch64.rpm opendnssec-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.aarch64.rpm opendnssec-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.src.rpm opendnssec-debuginfo-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.aarch64.rpm opendnssec-debugsource-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.aarch64.rpm python3-custodia-0:0.6.0-3.module+el8.9.0+1371+ffa84eb9.noarch.rpm python3-ipaclient-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-ipaclient-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm python3-ipalib-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm python3-ipalib-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-ipaserver-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-ipatests-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-jwcrypto-0:0.5.0-2.module+el8.10.0+1819+0aeba2f1.noarch.rpm python3-jwcrypto-0:0.5.0-2.module+el8.10.0+1818+2dfda7a6.noarch.rpm python3-kdcproxy-0:0.4-5.module+el8.10.0+2094+d7886766.2.noarch.rpm python3-pyusb-0:1.0.0-9.1.module+el8.9.0+1372+09f67869.noarch.rpm python3-pyusb-0:1.0.0-9.1.module+el8.9.0+1371+ffa84eb9.noarch.rpm python3-qrcode-0:5.3-1.module+el8.10.0+1916+6bb8cf6b.noarch.rpm python3-qrcode-0:5.3-1.module+el8.10.0+1915+3c70f7d9.noarch.rpm python3-qrcode-core-0:5.3-1.module+el8.10.0+1916+6bb8cf6b.noarch.rpm python3-qrcode-core-0:5.3-1.module+el8.10.0+1915+3c70f7d9.noarch.rpm python3-yubico-0:1.3.2-9.1.module+el8.9.0+1372+09f67869.noarch.rpm python3-yubico-0:1.3.2-9.1.module+el8.9.0+1371+ffa84eb9.noarch.rpm python-jwcrypto-0:0.5.0-2.module+el8.10.0+1818+2dfda7a6.src.rpm python-jwcrypto-0:0.5.0-2.module+el8.10.0+1819+0aeba2f1.src.rpm python-kdcproxy-0:0.4-5.module+el8.10.0+2094+d7886766.2.src.rpm python-qrcode-0:5.3-1.module+el8.10.0+1916+6bb8cf6b.src.rpm python-qrcode-0:5.3-1.module+el8.10.0+1915+3c70f7d9.src.rpm python-yubico-0:1.3.2-9.1.module+el8.9.0+1371+ffa84eb9.src.rpm python-yubico-0:1.3.2-9.1.module+el8.9.0+1372+09f67869.src.rpm pyusb-0:1.0.0-9.1.module+el8.9.0+1371+ffa84eb9.src.rpm pyusb-0:1.0.0-9.1.module+el8.9.0+1372+09f67869.src.rpm slapi-nis-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.aarch64.rpm slapi-nis-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.src.rpm slapi-nis-debuginfo-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.aarch64.rpm slapi-nis-debugsource-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.aarch64.rpm softhsm-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.aarch64.rpm softhsm-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.src.rpm softhsm-debuginfo-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.aarch64.rpm softhsm-debugsource-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.aarch64.rpm softhsm-devel-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.aarch64.rpm python-kdcproxy-0:0.4-5.module+el8.9.0+1371+ffa84eb9.src.rpm python-kdcproxy-0:0.4-5.module+el8.10.0+1915+3c70f7d9.1.src.rpm python3-kdcproxy-0:0.4-5.module+el8.9.0+1371+ffa84eb9.noarch.rpm python3-kdcproxy-0:0.4-5.module+el8.10.0+1915+3c70f7d9.1.noarch.rpm

Rocky Linux 8 x86_64 - AppStream

bind-dyndb-ldap-0:11.6-6.module+el8.10.0+1960+1ed527b3.src.rpm bind-dyndb-ldap-0:11.6-6.module+el8.10.0+1960+1ed527b3.x86_64.rpm bind-dyndb-ldap-debuginfo-0:11.6-6.module+el8.10.0+1960+1ed527b3.x86_64.rpm bind-dyndb-ldap-debugsource-0:11.6-6.module+el8.10.0+1960+1ed527b3.x86_64.rpm custodia-0:0.6.0-3.module+el8.9.0+1371+ffa84eb9.noarch.rpm custodia-0:0.6.0-3.module+el8.9.0+1371+ffa84eb9.src.rpm ipa-0:4.9.13-20.module+el8.10.0+2067+377bdd64.src.rpm ipa-0:4.9.13-20.module+el8.10.0+2066+d74ade98.src.rpm ipa-client-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-client-0:4.9.13-20.module+el8.10.0+2067+377bdd64.x86_64.rpm ipa-client-common-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-client-common-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-client-debuginfo-0:4.9.13-20.module+el8.10.0+2067+377bdd64.x86_64.rpm ipa-client-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-client-epn-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-client-epn-0:4.9.13-20.module+el8.10.0+2067+377bdd64.x86_64.rpm ipa-client-samba-0:4.9.13-20.module+el8.10.0+2067+377bdd64.x86_64.rpm ipa-client-samba-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-common-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-common-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-debuginfo-0:4.9.13-20.module+el8.10.0+2067+377bdd64.x86_64.rpm ipa-debugsource-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-debugsource-0:4.9.13-20.module+el8.10.0+2067+377bdd64.x86_64.rpm ipa-healthcheck-0:0.12-6.module+el8.10.0+2054+aa003774.noarch.rpm ipa-healthcheck-0:0.12-6.module+el8.10.0+2053+a0a9dc19.src.rpm ipa-healthcheck-0:0.12-6.module+el8.10.0+2054+aa003774.src.rpm ipa-healthcheck-core-0:0.12-6.module+el8.10.0+2054+aa003774.noarch.rpm ipa-healthcheck-core-0:0.12-6.module+el8.10.0+2053+a0a9dc19.noarch.rpm ipa-python-compat-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-python-compat-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-selinux-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-selinux-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm ipa-server-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-server-common-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-server-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-server-dns-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm ipa-server-trust-ad-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm ipa-server-trust-ad-debuginfo-0:4.9.13-20.module+el8.10.0+2066+d74ade98.x86_64.rpm opendnssec-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.src.rpm opendnssec-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.x86_64.rpm opendnssec-debuginfo-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.x86_64.rpm opendnssec-debugsource-0:2.1.7-2.module+el8.10.0+1960+1ed527b3.x86_64.rpm python3-custodia-0:0.6.0-3.module+el8.9.0+1371+ffa84eb9.noarch.rpm python3-ipaclient-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-ipaclient-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm python3-ipalib-0:4.9.13-20.module+el8.10.0+2067+377bdd64.noarch.rpm python3-ipalib-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-ipaserver-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-ipatests-0:4.9.13-20.module+el8.10.0+2066+d74ade98.noarch.rpm python3-jwcrypto-0:0.5.0-2.module+el8.10.0+1819+0aeba2f1.noarch.rpm python3-jwcrypto-0:0.5.0-2.module+el8.10.0+1818+2dfda7a6.noarch.rpm python3-kdcproxy-0:0.4-5.module+el8.10.0+2094+d7886766.2.noarch.rpm python3-pyusb-0:1.0.0-9.1.module+el8.9.0+1372+09f67869.noarch.rpm python3-pyusb-0:1.0.0-9.1.module+el8.9.0+1371+ffa84eb9.noarch.rpm python3-qrcode-0:5.3-1.module+el8.10.0+1916+6bb8cf6b.noarch.rpm python3-qrcode-0:5.3-1.module+el8.10.0+1915+3c70f7d9.noarch.rpm python3-qrcode-core-0:5.3-1.module+el8.10.0+1916+6bb8cf6b.noarch.rpm python3-qrcode-core-0:5.3-1.module+el8.10.0+1915+3c70f7d9.noarch.rpm python3-yubico-0:1.3.2-9.1.module+el8.9.0+1371+ffa84eb9.noarch.rpm python3-yubico-0:1.3.2-9.1.module+el8.9.0+1372+09f67869.noarch.rpm python-jwcrypto-0:0.5.0-2.module+el8.10.0+1818+2dfda7a6.src.rpm python-jwcrypto-0:0.5.0-2.module+el8.10.0+1819+0aeba2f1.src.rpm python-kdcproxy-0:0.4-5.module+el8.10.0+2094+d7886766.2.src.rpm python-qrcode-0:5.3-1.module+el8.10.0+1915+3c70f7d9.src.rpm python-qrcode-0:5.3-1.module+el8.10.0+1916+6bb8cf6b.src.rpm python-yubico-0:1.3.2-9.1.module+el8.9.0+1372+09f67869.src.rpm python-yubico-0:1.3.2-9.1.module+el8.9.0+1371+ffa84eb9.src.rpm pyusb-0:1.0.0-9.1.module+el8.9.0+1372+09f67869.src.rpm pyusb-0:1.0.0-9.1.module+el8.9.0+1371+ffa84eb9.src.rpm slapi-nis-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.src.rpm slapi-nis-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.x86_64.rpm slapi-nis-debuginfo-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.x86_64.rpm slapi-nis-debugsource-0:0.60.0-4.module+el8.9.0+1573+39ab85f4.x86_64.rpm softhsm-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.src.rpm softhsm-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.x86_64.rpm softhsm-debuginfo-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.x86_64.rpm softhsm-debugsource-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.x86_64.rpm softhsm-devel-0:2.6.0-5.module+el8.9.0+1371+ffa84eb9.x86_64.rpm python-kdcproxy-0:0.4-5.module+el8.10.0+1915+3c70f7d9.1.src.rpm python-kdcproxy-0:0.4-5.module+el8.9.0+1371+ffa84eb9.src.rpm python3-kdcproxy-0:0.4-5.module+el8.10.0+1915+3c70f7d9.1.noarch.rpm python3-kdcproxy-0:0.4-5.module+el8.9.0+1371+ffa84eb9.noarch.rpm