
Fedora 42: SSSD Critical CVE-2025-11561 Kerberos Access Issue

fedora
November 1, 2025
SSSD update for Fedora 42 addresses critical Kerberos security issue allowing unauthorized access.

Summary

Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the daemon as well as all the existing back ends.

Update Information:

Fixes CVE-2025-11561

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2402728

After startup, SSSD already creates a Kerberos configuration snippet in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin if the AD or IPA providers are used. This enables SSSD's localauth plugin. Starting with this update, the an2ln plugin is disabled in the configuration snippet as well. If this file or its content is included in the Kerberos configuration (a default on Fedora), this fixes CVE-2025-11561.
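Because the fix only takes effect when the snippet is actually pulled into the Kerberos configuration, the following added example (not part of the Fedora advisory or of SSSD) checks both conditions. It assumes the snippet uses the standard krb5.conf `disable = an2ln` relation; the function names and the root-prefix argument are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): verify that the SSSD snippet disables
# an2ln AND is reachable from the Kerberos configuration.
SNIPPET=/var/lib/sss/pubconf/krb5.include.d/localauth_plugin   # path from the advisory

# Print every file reachable from config file $1 through include/includedir.
# $2 is an optional root prefix so the check can run against a constructed tree.
krb5_files() {
    local f="$1" root="${2:-}" depth="${3:-0}" kw arg p
    [ -f "$root$f" ] && [ "$depth" -lt 16 ] || return 0   # depth cap stops include loops
    echo "$f"
    while read -r kw arg _ || [ -n "$kw" ]; do
        case $kw in
            include) krb5_files "$arg" "$root" $((depth + 1)) ;;
            includedir)
                for p in "$root${arg%/}"/*; do
                    [ -f "$p" ] || continue
                    # includedir only reads names made of alphanumerics, '-' and
                    # '_', or names ending in ".conf"
                    case ${p##*/} in
                        *.conf) ;;
                        *[!A-Za-z0-9_-]*) continue ;;
                    esac
                    krb5_files "${p#"$root"}" "$root" $((depth + 1))
                done ;;
        esac
    done < "$root$f"
}

# Returns 0 when the fix is effective, 1 when the snippet is missing or lacks
# the disable line (assumed form: "disable = an2ln"), 2 when it is not included.
check_an2ln() {
    local conf="${1:-/etc/krb5.conf}" root="${2:-}"
    if ! grep -Eqs '^[[:space:]]*disable[[:space:]]*=[[:space:]]*an2ln[[:space:]]*$' \
            "$root$SNIPPET"; then
        echo "snippet missing or does not disable an2ln: $SNIPPET"
        return 1
    fi
    if ! krb5_files "$conf" "$root" | grep -Fxq "$SNIPPET"; then
        echo "snippet is not included from $conf"
        return 2
    fi
    echo "an2ln disabled and snippet included from $conf"
}
```

On a host with the update installed, call `check_an2ln` with no arguments; a return code of 2 means the local Kerberos configuration has dropped the include and the snippet has no effect.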

Change Log

* Mon Oct 20 2025 Alexey Tikhonov - 2.11.1-2 - Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2402728

References

Fedora Update Notification
FEDORA-2025-5f49ddd4af
2025-11-01 01:48:49.955140+00:00

Name : sssd
Product : Fedora 42
Version : 2.11.1
Release : 2.fc42
URL : https://github.com/SSSD/sssd/
Summary : System Security Services Daemon
Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. The sssd subpackage is a meta-package that contains the daemon as well as all the existing back ends.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-5f49ddd4af' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: sssd
Product: Fedora 42
Version: 2.11.1
Release: 2.fc42
Summary: System Security Services Daemon
