idm:DL1 security update

エラータID: AXSA:2025-11169:01

Release date: 
Friday, November 28, 2025 - 18:54
Subject: 
idm:DL1 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Asianux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)
* python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.

Modularity name: "idm"
Stream name: "DL1"

Solution: 

Update packages.

CVEs: 
CVE-2025-59088
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
CVE-2025-59089
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. through server-side request forgery), they can exploit the fact that kdcproxy does not enforce bounds on TCP response length to conduct a denial-of-service attack. While receiving the KDC's response, kdcproxy copies the entire buffered stream into a new buffer on each recv() call, even when the transfer is incomplete, causing excessive memory allocation and CPU usage. Additionally, kdcproxy accepts incoming response chunks as long as the received data length is not exactly equal to the length indicated in the response header, even when individual chunks or the total buffer exceed the maximum length of a Kerberos message. This allows an attacker to send unbounded data until the connection timeout is reached (approximately 12 seconds), exhausting server memory or CPU resources. Multiple concurrent requests can cause accept queue overflow, denying service to legitimate clients.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind-dyndb-ldap-11.6-6.module+el8+1922+95af2a3b.src.rpm
    MD5: 92c029fda3cbebdcc022bc2e3c72aa58
    SHA-256: 8d2cd73b2e28f9c9e242b09fb6751bc036f1d84590ef88e642f413234f9dfda4
    Size: 370.34 kB
  2. custodia-0.6.0-3.module+el8+1922+95af2a3b.src.rpm
    MD5: 805ab33c90b1abfece8e513b583be332
    SHA-256: 1bbc130c10863824ba777aee324bfd04740cef7fd2db887ce60d77b3759756c3
    Size: 144.66 kB
  3. ipa-healthcheck-0.12-6.module+el8+1922+95af2a3b.src.rpm
    MD5: 780523645fd85116004df2e70e2d7172
    SHA-256: a4d5ff6aae33049151f0a1a2f3af119f9101492dedc76486b1d3dfd0fc26a144
    Size: 136.51 kB
  4. ipa-4.9.13-20.module+el8+1922+95af2a3b.src.rpm
    MD5: 08900a86490338a157f7377c446c9730
    SHA-256: a2b487d9c9a04c95aa92cb6182d89539e051c652ad9e61513c0a73c67151aa23
    Size: 13.20 MB
  5. opendnssec-2.1.7-2.module+el8+1922+95af2a3b.src.rpm
    MD5: ee291eac8e6f1b332ffcb68d55573776
    SHA-256: 36e3c43e76889dff0073d2b219c758326a4847854ba23410453561d493de5d5d
    Size: 1.09 MB
  6. python-jwcrypto-0.5.0-2.module+el8+1922+95af2a3b.src.rpm
    MD5: a76a1ca0e0023ec8e5919b752107a231
    SHA-256: 82cf5a3e6670b8d3f93c27e90b9f276ae613a18ab89ae71d8dbd69c4ad4defa1
    Size: 79.63 kB
  7. python-kdcproxy-0.4-5.module+el8+1922+95af2a3b.2.src.rpm
    MD5: cafc3bc034e19c88f604875534361893
    SHA-256: 8d2a837ba17f9a6d81cdda6502a36ed4688ffb4da19e2d74799e8fba67477cff
    Size: 52.45 kB
  8. python-qrcode-5.3-1.module+el8+1922+95af2a3b.src.rpm
    MD5: b1a151df231b6a8cf988d20cf1e1552b
    SHA-256: 8090c99636d5a5f8fa55f646998bfda6533fb765b87cee9c096b25e9c3b43dcd
    Size: 35.47 kB
  9. python-yubico-1.3.2-9.1.module+el8+1922+95af2a3b.src.rpm
    MD5: e3f64c026a2b2519eda34bfee5b74807
    SHA-256: 3dd2af6a639efe55f28ae76dda18c4ebee6a533dee90b2cbcd3a011029e863c5
    Size: 50.84 kB
  10. pyusb-1.0.0-9.1.module+el8+1922+95af2a3b.src.rpm
    MD5: 6381a536d816924f700230bcac8667e6
    SHA-256: 46454bf199cb77be196076985f821cef7319b5c040c436ab53a848f7afd78f78
    Size: 78.96 kB
  11. slapi-nis-0.60.0-4.module+el8+1922+95af2a3b.ML.1.src.rpm
    MD5: 91e45fc41275a200b601afe21d69e04c
    SHA-256: 5fd4339c24c24dd534d997e2b4ee94de21818a80b5c2d48b6a0f61c4601d33c2
    Size: 646.84 kB
  12. softhsm-2.6.0-5.module+el8+1922+95af2a3b.src.rpm
    MD5: 0a0fbab4a7a7a88197d39599448f9f2c
    SHA-256: 3d64c73e4266abeff379e9ebfc0945348c3649020420ace12ec45661ade5e511
    Size: 1.03 MB

Asianux Server 8 for x86_64
  1. bind-dyndb-ldap-11.6-6.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: 25ba98beba47da5eae7ae4189eeda851
    SHA-256: 43d4f44910860aa91a1950172dacf7a218717b27c1ed22cd372426316280970a
    Size: 127.12 kB
  2. bind-dyndb-ldap-debugsource-11.6-6.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: afdb9ef7b283e47046b482d3cad92e39
    SHA-256: 3089e856a5ee3cf0f26b89bd21a23ce2203e1a25a5791072c35345a1c022981f
    Size: 114.55 kB
  3. custodia-0.6.0-3.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 50d0026c901d4f163cbdcc62cd74a601
    SHA-256: b67de6bc0b47aaf661cff8da07472460ce19ba697432c00f12544e6f77d2ae93
    Size: 32.29 kB
  4. ipa-client-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: dc2cac962c3cd7b397c39647e7c7765f
    SHA-256: 9f26f6697a13f907dc8fe8cf83e25c42879b8985fa646c7947ab041bc8621a58
    Size: 293.33 kB
  5. ipa-client-common-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 32216b564f94b22763ee6ac4bb5e9d07
    SHA-256: a95380dca7304f9bcb6fab4bbf21d3b37511a942c9a0828278bb566ad5bc5d3f
    Size: 194.69 kB
  6. ipa-client-epn-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: 8e659555387957c32b02c947c3fcd075
    SHA-256: c93de848e4d44b174e3afad3313ad2b7629b6f3f80c07d48156ae5dded7314d4
    Size: 192.78 kB
  7. ipa-client-samba-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: 25ceff3f70e0299bb0cf6bc7a90c5364
    SHA-256: 54f3ed963c69428e2a69d086b8f31ea735067c15abcdcc6039631746ce8f1ef6
    Size: 188.31 kB
  8. ipa-common-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 02903c223e347d4f4b5321c98fdc845c
    SHA-256: 87e5021f87d74b351c11f91eebf9c7ff55ca346e7da1291200015662d0b9fcad
    Size: 802.70 kB
  9. ipa-debugsource-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: fbf9d8c16ae41b1b01abf133ed93a2be
    SHA-256: 6397d0899d47cf5d550670d86950a76fd1f7f1dd464ca7398a7844284377e08c
    Size: 513.04 kB
  10. ipa-healthcheck-0.12-6.module+el8+1922+95af2a3b.noarch.rpm
    MD5: a603b6b94ab678a4c280d8a84d2f2db5
    SHA-256: 3caaf320101c3697c047665cbfedff2f70e58b15f240af82bff250bb6533c5ac
    Size: 113.77 kB
  11. ipa-healthcheck-core-0.12-6.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 1a567f7730168d6f130191afce31649d
    SHA-256: 627b0f5506202e83e854d323d4f33647ec0454a60246b9d28dad556326303966
    Size: 59.43 kB
  12. ipa-python-compat-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 2ba6c478141a13d82922bf615c0714e0
    SHA-256: 06caee3258fbd1f96eb012e78e9b7d7df7dd6ae2678f60b62c83b3f2fbd6ae84
    Size: 186.12 kB
  13. ipa-selinux-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 7c2b5c05cd25f6afce3e10b6105589ee
    SHA-256: 4caac05955f65e739b70c6d0543210dbaf5f94d7b5c23b0e4e04b488bbf528a2
    Size: 186.63 kB
  14. ipa-server-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: a104ac1b1ff4ee0dd404d99e033c7380
    SHA-256: 0bb7cbf85de0dc46009075d8db0014be3fb586f53b1897cf7de76a2753b1e11e
    Size: 559.80 kB
  15. ipa-server-common-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 08072ec1cf7c10fb225f6eb062ae121a
    SHA-256: d9fc35d01d33558dfdcfe3266edd05a788aee21ce5a7e4dff3dd94bf171fce15
    Size: 627.61 kB
  16. ipa-server-dns-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 85428b02dad73435770e54f9d0545a54
    SHA-256: 37696b013c6cc17613d1fdb4bdd48afdb9227f11991fd57d00bd64beadaf15c5
    Size: 202.34 kB
  17. ipa-server-trust-ad-4.9.13-20.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: 6cffb83a0a294db6122ff35ca9bf9642
    SHA-256: 9386842b44dfce0b62154fdd00f3caf89ccb1c07e0d8b355afc37e27e8640f58
    Size: 299.96 kB
  18. opendnssec-2.1.7-2.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: d6ee4c707749f0af55a2de04ff2f3996
    SHA-256: 89f77a3263c0c344ab55aba6f5015154c131626005ea0c99a6abe894683d14d2
    Size: 472.33 kB
  19. opendnssec-debugsource-2.1.7-2.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: 97ccf80ded734c49ef8254909302ac13
    SHA-256: fe9dcce908a3f4dee4557f2cb6090cb45dc706bca08ead8d243beb47d55f97e3
    Size: 406.04 kB
  20. python3-custodia-0.6.0-3.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 2ba26ecddb94437130d953d294002620
    SHA-256: ff13efd2b99158e87939a64bb3b161df2e6ef764df173b36bc969c4b0d765ce8
    Size: 120.08 kB
  21. python3-ipaclient-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 9aada7e2415f579cf95a0cf523af22c7
    SHA-256: d02397fe380710aeef2179089f914df4d692b7e9b52291f54eb739a238b633b6
    Size: 700.69 kB
  22. python3-ipalib-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 466a29cf6d1ad6401d0ebfe166d210ad
    SHA-256: aac7aa739213e39df86cfc40b2e680c5732cdfa344c0245a0c92ad5e29f568f2
    Size: 770.69 kB
  23. python3-ipaserver-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 15badc74bef33e951125567b6c072f87
    SHA-256: 4e49b8f1342d3e6ca50efbe72321596f8b7e37579f7f559041aee9efb713f42d
    Size: 1.68 MB
  24. python3-ipatests-4.9.13-20.module+el8+1922+95af2a3b.noarch.rpm
    MD5: c2f48b68e8d57f59265196fbb3c57231
    SHA-256: 37d17137490ed2b8188f75fb51440d279b4348f196c06ad6af3dee9848c427b3
    Size: 1.74 MB
  25. python3-jwcrypto-0.5.0-2.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 7a64c2b77f486b7432182dcfcc81a6ec
    SHA-256: 9826b5261a0a3553d151b2782cfbcfc1835df7881cbd43e6cf93e335afd4c37c
    Size: 64.91 kB
  26. python3-kdcproxy-0.4-5.module+el8+1922+95af2a3b.2.noarch.rpm
    MD5: 2bd46bfc78cba222ff9a787375b017a8
    SHA-256: 70776cf8a23857cc8f08786bf6cf3a1d0867c27c047e3c42864720a6c889041b
    Size: 42.15 kB
  27. python3-pyusb-1.0.0-9.1.module+el8+1922+95af2a3b.noarch.rpm
    MD5: fbc50c8f6418f06a0cee979e1efc66f2
    SHA-256: bf2018798443f94fd223241331f8fa3124fa89c583776f6ec9fd4b9a28ee9b70
    Size: 86.87 kB
  28. python3-qrcode-5.3-1.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 08841dd3a13cfd817f846282a870a891
    SHA-256: 1c5a47de61e626996a76b73ea671401d1ec980a564263ddb1e14be23033a488b
    Size: 16.80 kB
  29. python3-qrcode-core-5.3-1.module+el8+1922+95af2a3b.noarch.rpm
    MD5: 3e0f99a6b25d0956345afd28036fad79
    SHA-256: b8fe1549c56bded948595104d3086e5d8431bea38f0f570cf654b41904f1a580
    Size: 46.15 kB
  30. python3-yubico-1.3.2-9.1.module+el8+1922+95af2a3b.noarch.rpm
    MD5: b1477691c23421d8758b1863b57ff241
    SHA-256: 1e57d6ab32fad988403828e060a2ccfc99e86a6a8adcca49da180ca6328bc350
    Size: 62.22 kB
  31. slapi-nis-0.60.0-4.module+el8+1922+95af2a3b.ML.1.x86_64.rpm
    MD5: a320234cf57c8d20f64ff8d95d14349d
    SHA-256: 32e4480bd56dde48c990fbb1ed234e2defce637f2b1ae9ed4f7ed33d0526d0c9
    Size: 159.70 kB
  32. slapi-nis-debugsource-0.60.0-4.module+el8+1922+95af2a3b.ML.1.x86_64.rpm
    MD5: af3bcf350197d37cbfa4d6401ee3b9ae
    SHA-256: 78526a3ec7f8275a3df97c509e5068831e2a4c8b1b0b24a57142d2b7bb8723e0
    Size: 135.21 kB
  33. softhsm-2.6.0-5.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: 5cc2e77aeb0d1562cab270e17565c287
    SHA-256: af9092cd8ad1826ab478c8e4d85ca4124dd7d0379568fb77b96782bac80c5e28
    Size: 429.82 kB
  34. softhsm-debugsource-2.6.0-5.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: d4ec6237841f9d0c7fd20533579c8673
    SHA-256: d0e461dba8b48039b06c9a417861364f628e96c931e264fcbe39519570c88217
    Size: 203.52 kB
  35. softhsm-devel-2.6.0-5.module+el8+1922+95af2a3b.x86_64.rpm
    MD5: f30c62c12579784a5d94bcdc0e248dd7
    SHA-256: d331b21f175e1edb572b0dc0422185a3d05533c55ce3651cc36f8f614edececc
    Size: 20.48 kB