idm:DL1 security update

エラータID: AXSA:2025-10036:01

Release date: 
Wednesday, June 25, 2025 - 16:34
Subject: 
idm:DL1 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Asianux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-4404)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.

Modularity name: "idm"
Stream name: "DL1"

Solution: 

Update packages.

CVEs: 
CVE-2025-4404
A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by default, allowing users to create services with the same canonical name as the REALM admin. When a successful attack happens, the user can retrieve a Kerberos ticket in the name of this service, containing the admin@REALM credential. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Additional Info: 

N/A

Download: 

SRPMS
  1. bind-dyndb-ldap-11.6-6.module+el8+1890+2433be6a.src.rpm
    MD5: bb2d37674aa5f303fd9ac29edfb58746
    SHA-256: 22e1fdeeeca4dfb187f4a74b34c17e3a327b1de861008ce34e041aafb0a94d7d
    Size: 370.35 kB
  2. custodia-0.6.0-3.module+el8+1890+2433be6a.src.rpm
    MD5: 46506ec0af07e2640d5f7967deb392bc
    SHA-256: 53867c6832c48b1111ae9c0b8886ed5377933b1a7bc957dcda88075f7261b80f
    Size: 144.66 kB
  3. ipa-healthcheck-0.12-5.module+el8+1890+2433be6a.src.rpm
    MD5: f0cc03f8464070769426cd7c59b6fd04
    SHA-256: 9f55811d076a72bc27a21e9f65770d4713b4c2068af45253aa2a7dfd68fe29a4
    Size: 135.14 kB
  4. ipa-4.9.13-18.module+el8+1890+2433be6a.src.rpm
    MD5: af6a6f973bcc0d8363d4af665b4c37e0
    SHA-256: 8c9577e9e96ecac52871a2fd22a1fc2304af7ffb6f74e3a2741c7add149a8d08
    Size: 13.20 MB
  5. opendnssec-2.1.7-2.module+el8+1890+2433be6a.src.rpm
    MD5: 69b1a2d88083aa5c178bbe896efc855c
    SHA-256: 421a12ae4020ded5429dd1e8eb11c1832d6c292b2663fd443343fce8d61491c2
    Size: 1.09 MB
  6. python-jwcrypto-0.5.0-2.module+el8+1890+2433be6a.src.rpm
    MD5: ca92aac38523344aae4408b284d570cc
    SHA-256: 33768d5a451a892a93cc695b392e428096fbedeb3628103aafef699420d14c5f
    Size: 79.63 kB
  7. python-kdcproxy-0.4-5.module+el8+1890+2433be6a.1.src.rpm
    MD5: 1ee36a20b4b3194c24f41c32a43e89f8
    SHA-256: d7acd154a043c7fc2e23a864f9248a63758e53e287ffc511e35c48d4b6e4c793
    Size: 39.56 kB
  8. python-qrcode-5.3-1.module+el8+1890+2433be6a.src.rpm
    MD5: fd5ddddb0853b20fa6ae1a1aaac5e723
    SHA-256: f8b12b89769e6508d50074a4a45baab23e45735db3f60b9caf602519c9cfed7f
    Size: 35.47 kB
  9. python-yubico-1.3.2-9.1.module+el8+1890+2433be6a.src.rpm
    MD5: 14b618515f37bcdd48ca8645aae41633
    SHA-256: 7d5ae2f8cfc98a07936c3b68911b2cbc4d8eb32d028b8a17af89845eb1cb1ac3
    Size: 50.84 kB
  10. pyusb-1.0.0-9.1.module+el8+1890+2433be6a.src.rpm
    MD5: 8fc05c46665d9b829fe3fed1f66a5298
    SHA-256: fed0acf67f250a4ce07853b5baea65c2c690c2e19b2492114a9747a8154aab10
    Size: 78.96 kB
  11. slapi-nis-0.60.0-4.module+el8+1890+2433be6a.ML.1.src.rpm
    MD5: 0dd0bca70663f4908d0223584c9a3584
    SHA-256: 44d50e788b87dee7c218ba7beef54f982e7769516cf0fe0a15407a9d829b049b
    Size: 646.84 kB
  12. softhsm-2.6.0-5.module+el8+1890+2433be6a.src.rpm
    MD5: 58e043652359cde54af3f8cf5390d87d
    SHA-256: 779f47b80bbb9d9ca12dd0f9d21d86272356541ef24d299a0b6f78ea031f3d0a
    Size: 1.03 MB

Asianux Server 8 for x86_64
  1. bind-dyndb-ldap-11.6-6.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 0bce58cb4d53aa47545948e75bcbdafe
    SHA-256: fe547324af4ab9db5035b6470f641e1dd3a75659ac246efd0745e4f3e1143acb
    Size: 127.11 kB
  2. bind-dyndb-ldap-debugsource-11.6-6.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 0b3bb04ddd5a052eaf376a5ccccdad7a
    SHA-256: 7d8cf24a64a52fcafb6e00d5c2d387c06fdaab149b0272bfa97f899e2521b59d
    Size: 114.55 kB
  3. custodia-0.6.0-3.module+el8+1890+2433be6a.noarch.rpm
    MD5: 38b6b1974ce6bdd43f595a9eb07c3365
    SHA-256: 77b7887c498c9b68ca23e249e0a1d17b76dcd474ab0497ed7d980c0fa4fa79b0
    Size: 32.29 kB
  4. ipa-client-4.9.13-18.module+el8+1890+2433be6a.x86_64.rpm
    MD5: a963b2edb8a96840435ea6f13b4b332d
    SHA-256: bfcf81af90b8211f2952152ef04d16c99bb3e53bdc8d893e9b1430fe06d1c1ee
    Size: 292.96 kB
  5. ipa-client-common-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: 5c0648213a6936e262b3d5e98489eada
    SHA-256: 8a545f1bb0940bca6d277fbd96ff85cbf4c3b50ca35437f173a475176fb0b741
    Size: 194.33 kB
  6. ipa-client-epn-4.9.13-18.module+el8+1890+2433be6a.x86_64.rpm
    MD5: a67583d90ce95af7a26e4d3516bfc90d
    SHA-256: d171823371f360efb2b48537a3417ea1d022a6d0fc2af4e456b36ecc59b64a5e
    Size: 192.41 kB
  7. ipa-client-samba-4.9.13-18.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 518aae76d1d513d2917b7e8ec9b81834
    SHA-256: a3fc4443d8db1f0030c4d4e5ff472952f0ad5c176a98692f6ffd00c65433f043
    Size: 187.95 kB
  8. ipa-common-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: 800b56a192ba403e8df58f22cab620f7
    SHA-256: 30de495710627052a95bfbe6939168385b30aa8f2f9cc49e6c54983189b07cce
    Size: 802.33 kB
  9. ipa-debugsource-4.9.13-18.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 3eb7a8471b44938d8e24fbb920d849c4
    SHA-256: 218cd5529079e4bcee1ba27a2c2651a296ee8fb624a3c5a01c622278fc9c7906
    Size: 512.21 kB
  10. ipa-healthcheck-0.12-5.module+el8+1890+2433be6a.noarch.rpm
    MD5: 6015c39859c8af290be1fd71a225f793
    SHA-256: 4b25ab3b3d673bb1b78d438ad815f5b12b3ecee61c01bcddedbde486be57a174
    Size: 113.56 kB
  11. ipa-healthcheck-core-0.12-5.module+el8+1890+2433be6a.noarch.rpm
    MD5: a7f209d9fe3eea657d4d128645baf3ea
    SHA-256: 8ac776ab0d866889c8ea611e7da72a4eed7f35f53e4d32dd001c86f842ba221a
    Size: 59.33 kB
  12. ipa-python-compat-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: e137bd436774dfe0b12c957690f116e5
    SHA-256: 59b86f8b0792144955b3b28c861a4275f12eaf063e16770de14f86587e29ee2b
    Size: 185.76 kB
  13. ipa-selinux-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: ae4870d2c163ff188812d05f2bfb8987
    SHA-256: 23541c7811eddab544113b98b257f8434bfaf0dd08f0d1fef394cd89e1b0591a
    Size: 186.26 kB
  14. ipa-server-4.9.13-18.module+el8+1890+2433be6a.x86_64.rpm
    MD5: d10151225b1f577b1f3463146fb8ed9f
    SHA-256: 83d88342b17dbe2eaf3e77efc40ffe51db710f5bb6d1fc4b49f89fc80e4e8a7d
    Size: 559.08 kB
  15. ipa-server-common-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: 58b70a9c82aba91efbbb5ea28001958b
    SHA-256: 3e01741c396ebdd16c488cc2c2c082a7d0d4fd1e4a6218c98947b615fc5fa4be
    Size: 627.18 kB
  16. ipa-server-dns-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: 158d31bd0be9c6376f82645dd441d866
    SHA-256: 87f15e7c0f51b85a1c521bea575de029c6516329295c4b3ccb6816395889cd9a
    Size: 201.97 kB
  17. ipa-server-trust-ad-4.9.13-18.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 394c174cf836dce8df8de277ba10e228
    SHA-256: 248e0b9b2509ecd10a335a4805b2684921532972062deb08529e7c45f1c7098d
    Size: 299.61 kB
  18. opendnssec-2.1.7-2.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 143b1b521c588bfc28d824eae941fe9d
    SHA-256: 73ac343754fbb36de4bf37770f0933dadd89276113b1298b1081c1fcf780bfe5
    Size: 472.36 kB
  19. opendnssec-debugsource-2.1.7-2.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 1ae68343b95c7c6d6518497de16c8bc1
    SHA-256: 72f18cc64e13e72808ad1ada77e56497f2293c6cee88e1e2be10ec6225b8be75
    Size: 406.04 kB
  20. python3-custodia-0.6.0-3.module+el8+1890+2433be6a.noarch.rpm
    MD5: 5df9722957e9a53c00908e4c13344d5c
    SHA-256: f12cde2ddfd9aea2e20bf0cd89c1163a1f1b56ce864ebbc6be4be6a5914590b6
    Size: 120.08 kB
  21. python3-ipaclient-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: b4005df24c8a000911391de7cb69580c
    SHA-256: 2b9e9ad58949f7eb167905048100be02b175aa813f124e14ea00afd7b48c1926
    Size: 695.49 kB
  22. python3-ipalib-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: f5026b27229327d0412adf5129d5a776
    SHA-256: 3df0b269d141d34fa18d142ef15c930e80dd02ca2c731902d49baa911b411af6
    Size: 770.32 kB
  23. python3-ipaserver-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: 457cfbe8022b60c1c3566f4ee5a82dec
    SHA-256: f45597aa0e99e582cdce6177dc48021831e1c269c47031e040b662f39430ce61
    Size: 1.68 MB
  24. python3-ipatests-4.9.13-18.module+el8+1890+2433be6a.noarch.rpm
    MD5: 9d2deeff76b26663f601796090af2db8
    SHA-256: ad5dda5ae55a696294b93d0e8995b85d5906bfe3c29d7b9e30436e79cda172fb
    Size: 1.74 MB
  25. python3-jwcrypto-0.5.0-2.module+el8+1890+2433be6a.noarch.rpm
    MD5: 97b193ab09cb5c6b0ecca8fef42005c8
    SHA-256: b2f5f0d5e74dac6fce6ac4002083fbe85c3321fddd440e22ef11afecf41636b6
    Size: 64.91 kB
  26. python3-kdcproxy-0.4-5.module+el8+1890+2433be6a.1.noarch.rpm
    MD5: 0b2341ebc95e0af653f61c86fbb68612
    SHA-256: c697f35965c3ea07e5cacf576ef23709c70c01aa9d07f032b29fb0e2b3c0f4b0
    Size: 39.15 kB
  27. python3-pyusb-1.0.0-9.1.module+el8+1890+2433be6a.noarch.rpm
    MD5: 381fa32779f8d7f3d62e3eaa0d8b4b80
    SHA-256: da83b96c1822ba2e444f92c3dd183d05384d3c185e9f93b188b57561458b05f1
    Size: 86.87 kB
  28. python3-qrcode-5.3-1.module+el8+1890+2433be6a.noarch.rpm
    MD5: 42040cab6daecce93db26bcb1322fea1
    SHA-256: b09f627c8b6d00af5999f8fb33709e97f8a98a8224ab73441fd75deaf974c352
    Size: 16.81 kB
  29. python3-qrcode-core-5.3-1.module+el8+1890+2433be6a.noarch.rpm
    MD5: abc3226baeaa24ec3cfddc4d1ef58aa2
    SHA-256: c5c83d25c0bd6520c40fb0e4e0959a4ed127a58ee66b8e356825f5bebded0cce
    Size: 46.15 kB
  30. python3-yubico-1.3.2-9.1.module+el8+1890+2433be6a.noarch.rpm
    MD5: 671ee03e043cdfb8275dc50147f2232f
    SHA-256: bdd4d2758c173b11471ad17f28bb0d53682f0a661e0467b1703d7af4e6bb0a28
    Size: 62.22 kB
  31. slapi-nis-0.60.0-4.module+el8+1890+2433be6a.ML.1.x86_64.rpm
    MD5: b37964b07c4c30990c01972086f0df4b
    SHA-256: 57288004cd3f72c4bcc47e2b5e314f07347bc721e0332ac023bc7c174ba69990
    Size: 159.69 kB
  32. slapi-nis-debugsource-0.60.0-4.module+el8+1890+2433be6a.ML.1.x86_64.rpm
    MD5: 01fd57e495538caca1f961c5136494a2
    SHA-256: c7af6121571309c8c6f28619433f9d8bef91514442fe6f9870b1e1dbca0b7c7e
    Size: 135.21 kB
  33. softhsm-2.6.0-5.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 36fa8e2a21e37dd9fef54f9f2d91ffe6
    SHA-256: 295014c9aba9736c2e60b17078f19066f3d37c34b01ce7624b74eda17a5877e0
    Size: 429.78 kB
  34. softhsm-debugsource-2.6.0-5.module+el8+1890+2433be6a.x86_64.rpm
    MD5: 2f7ad1c2b03a0425c176ffb978562bda
    SHA-256: 91a18659a4351a034489dc606eac8a610675be69c6d58d63eaf5c4c8143a697a
    Size: 203.52 kB
  35. softhsm-devel-2.6.0-5.module+el8+1890+2433be6a.x86_64.rpm
    MD5: bad872a005c766fa6c28520d52231dd0
    SHA-256: 2956c3a7f0c5696635186a717babebf37525dc826eda97c7ff09a206a2a487db
    Size: 20.48 kB