ipa-4.12.2-22.el9_7.1
エラータID: AXSA:2025-11478:08
Release date:
Friday, December 5, 2025 - 20:01
Subject:
ipa-4.12.2-22.el9_7.1
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
Red Hat Identity Management (IdM) is a centralized authentication, identity
management, and authorization solution for both traditional and cloud-based
enterprise environments.
Security Fix(es):
FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA
(CVE-2025-7493)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
For detailed information on changes in this release, see the MIRACLE LINUX 9
Release Notes linked from the References section.
CVE(s):
CVE-2025-7493
Solution:
Update packages.
CVEs:
CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Additional Info:
N/A
Download:
SRPMS
- ipa-4.12.2-22.el9_7.1.src.rpm
MD5: 4a253de9326747146850f261d7793251
SHA-256: 2c4d7f4067a1b94079d598c83c243f3fffa3cbe70cee328a6fd5e9b56e14d194
Size: 5.71 MB
Asianux Server 9 for x86_64
- ipa-client-4.12.2-22.el9_7.1.x86_64.rpm
MD5: c0307b9938019e54d12d1c028142bc12
SHA-256: d891d337299b237e60c65e899b2abd2c9625b8fce3c207e6474ec1ca5d18f53a
Size: 139.51 kB - ipa-client-common-4.12.2-22.el9_7.1.noarch.rpm
MD5: 28312abb6d91fc0a57ea32f9835bff5a
SHA-256: ba85dbd41a0794d4ee78271dbf8a00e0838180a0c3988e84aae44791c7d6dac0
Size: 45.09 kB - ipa-client-encrypted-dns-4.12.2-22.el9_7.1.x86_64.rpm
MD5: 2c7dd340e9cb0d18e987f91e7ea43be4
SHA-256: 65e80b4c18cc65a7606c119821dca1289d04945799ae7d0623e25a1ef2ffb3ab
Size: 36.36 kB - ipa-client-epn-4.12.2-22.el9_7.1.x86_64.rpm
MD5: 1199ccb9e72be024f7c204a303361118
SHA-256: 035cb3925649de951590ec651653399f901b728e7d0df92a6ae713ad9939c4c0
Size: 43.97 kB - ipa-client-samba-4.12.2-22.el9_7.1.x86_64.rpm
MD5: 894d9f759956a5fe963b5d3950abe2c2
SHA-256: 604db13d7ba43334fec5578d79f7e976ce6d073f67bc8ce89f473fa488b7eee6
Size: 39.31 kB - ipa-common-4.12.2-22.el9_7.1.noarch.rpm
MD5: 54b4e3758ef72171ec041677bddb0c48
SHA-256: 6ce213d5a47cbee32a300c084cfdc226e6926e237dce5c295f77a2ccba349af1
Size: 694.23 kB - ipa-selinux-4.12.2-22.el9_7.1.noarch.rpm
MD5: f2f965959ae5ef9b10b3917d67f6e9f0
SHA-256: 68caeef4d567c739e4c85e76c7621c9c0287b7e02622a9c3797bbf3edba4e247
Size: 39.28 kB - ipa-selinux-luna-4.12.2-22.el9_7.1.noarch.rpm
MD5: ec0a8960979e8ae10bc38d471bdd3663
SHA-256: d75d490f88592b878f4a64917a3720434ca303428e1df895ad747aca7f5eb1f6
Size: 31.34 kB - ipa-selinux-nfast-4.12.2-22.el9_7.1.noarch.rpm
MD5: f3e2cc8e28c958e6afa9b45d4136ee24
SHA-256: aed7fefb9af3c0c87b19755241747780dd54a7d85d003c45e1a34273b8e2c3ef
Size: 31.37 kB - ipa-server-4.12.2-22.el9_7.1.x86_64.rpm
MD5: 0850485d2c9246006539187800390765
SHA-256: ad41bf6bd3e63d04856818e72cf4b3eeff67c5f2c3012c64bfea41fe855d9ec8
Size: 428.57 kB - ipa-server-common-4.12.2-22.el9_7.1.noarch.rpm
MD5: 9883559d7fe57a0ef2d0c2a5dd5e3c5f
SHA-256: d8cf056b30e59a0f838be035cbf953d76ec0e85624dae3ef2f0eb2fb592584b2
Size: 499.64 kB - ipa-server-dns-4.12.2-22.el9_7.1.noarch.rpm
MD5: 82b28b4dd2e2d0123789a6ce05948f4b
SHA-256: 0deb3f47f937f2909405c546f747dda55f5e89385cc6ff6fbcbb4c915327b602
Size: 57.68 kB - ipa-server-encrypted-dns-4.12.2-22.el9_7.1.x86_64.rpm
MD5: 0f33782656724309ceaacecb4dc351e7
SHA-256: 30633e30880bb522521183e36d39775e6b5a646a0353290603eb98bc10a829e6
Size: 36.45 kB - ipa-server-trust-ad-4.12.2-22.el9_7.1.x86_64.rpm
MD5: 2e96f6332d8d9974ef1311e70acab70e
SHA-256: 4ffa865034a45e0a0dea5fc247a2e2cca0da79be2a7c3252de73adbd4b510ab0
Size: 153.57 kB - python3-ipaclient-4.12.2-22.el9_7.1.noarch.rpm
MD5: afe9bbfa24022118f891413088995dcc
SHA-256: 1ddb78a26ca23465a1317ae4e21008573668a35b64657f25a8dcd9ce0d9314f6
Size: 660.85 kB - python3-ipalib-4.12.2-22.el9_7.1.noarch.rpm
MD5: d44144163d5e9b783dee4c87c9676154
SHA-256: e994e72b0b991d23aa9240c197b91d070b2a958ed1559236f92bd982ed45aea0
Size: 694.50 kB - python3-ipaserver-4.12.2-22.el9_7.1.noarch.rpm
MD5: 5ca83081f8e6a12fa108463a54ac37f7
SHA-256: 67d9fd602177d28ce897a473a1947fe0286042739bcbce4eb12432b11991482d
Size: 1.56 MB - python3-ipatests-4.12.2-22.el9_7.1.noarch.rpm
MD5: 26ed248092303b2a3598f7048955d870
SHA-256: 0f5ab836b726e936f5a54243ada1cebe9c858f057d071d4c061b2270a402bc83
Size: 1.77 MB
日本語