{"id":"ALSA-2025:19610","summary":"Important: sssd security update","details":"The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.  \n\nSecurity Fix(es):  \n\n  * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n","modified":"2026-02-04T03:00:09.473426Z","published":"2025-11-04T00:00:00Z","related":["CVE-2025-11561"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:19610"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2025-11561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2402727"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2025-19610.html"}],"affected":[{"package":{"name":"libipa_hbac","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libipa_hbac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_autofs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_autofs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_certmap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_certmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_idmap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_nss_idmap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_nss_idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_nss_idmap-devel","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_nss_idmap-devel"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_simpleifp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_simpleifp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"libsss_sudo","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/libsss_sudo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"python3-libipa_hbac","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-libipa_hbac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"python3-libsss_nss_idmap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-libsss_nss_idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"python3-sss","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-sss"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"python3-sss-murmur","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-sss-murmur"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"python3-sssdconfig","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/python3-sssdconfig"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-ad","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-ad"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-client","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-common-pac","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-common-pac"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-dbus","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-dbus"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-idp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-idp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-ipa","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-ipa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-kcm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-kcm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-krb5","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-krb5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-krb5-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-krb5-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-ldap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-ldap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-nfs-idmap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-nfs-idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-polkit-rules","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-polkit-rules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-proxy","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-proxy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-tools","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-tools"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}},{"package":{"name":"sssd-winbind-idmap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/sssd-winbind-idmap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.4-5.el8_10.3"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2025:19610.json"}}],"schema_version":"1.7.3"}