Fedora alert FEDORA-2025-c1dfec4d73 (sssd)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 41 Update: sssd-2.11.1-2.fc41 | |
| Date: | Sun, 26 Oct 2025 01:08:29 +0000 | |
| Message-ID: | <20251026010829.B64497B158@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c1dfec4d73 2025-10-26 01:06:44.612094+00:00 -------------------------------------------------------------------------------- Name : sssd Product : Fedora 41 Version : 2.11.1 Release : 2.fc41 URL : https://github.com/SSSD/sssd/ Summary : System Security Services Daemon Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. The sssd subpackage is a meta-package that contains the daemon as well as all the existing back ends. -------------------------------------------------------------------------------- Update Information: Fixes CVE-2025-11561 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2402728 After startup SSSD already creates a Kerberos configuration snippet in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin if the AD or IPA providers are used. This enables SSSD's localauth plugin. Starting with this update the an2ln plugin is disabled in the configuration snippet as well. If this file or its content are included in the Kerberos configuration (a default on Fedora) it will fix CVE-2025-11561. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 20 2025 Alexey Tikhonov <atikhono@redhat.com> - 2.11.1-2 - Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2402728 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c1dfec4d73' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue