ALT-BU-2025-13099-2
Branch p10 update bulletin.
Closed vulnerabilities
Modified: 2026-02-16
BDU:2025-14421
Уязвимость сервера FreeIpa, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
Modified: 2026-04-15
CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
- https://access.redhat.com/errata/RHSA-2025:17084
- https://access.redhat.com/errata/RHSA-2025:17085
- https://access.redhat.com/errata/RHSA-2025:17086
- https://access.redhat.com/errata/RHSA-2025:17087
- https://access.redhat.com/errata/RHSA-2025:17088
- https://access.redhat.com/errata/RHSA-2025:17129
- https://access.redhat.com/errata/RHSA-2025:17645
- https://access.redhat.com/errata/RHSA-2025:17646
- https://access.redhat.com/errata/RHSA-2025:17647
- https://access.redhat.com/errata/RHSA-2025:17648
- https://access.redhat.com/errata/RHSA-2025:17649
- https://access.redhat.com/security/cve/CVE-2025-7493
- https://bugzilla.redhat.com/show_bug.cgi?id=2389448
- http://www.openwall.com/lists/oss-security/2025/09/30/6
Package 389-ds-base updated to version 2.2.10-alt2.p10.1 for branch p10 in task 396573.
Closed vulnerabilities
Modified: 2026-02-16
BDU:2025-14421
Уязвимость сервера FreeIpa, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
Modified: 2026-04-15
CVE-2025-7493
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
- https://access.redhat.com/errata/RHSA-2025:17084
- https://access.redhat.com/errata/RHSA-2025:17085
- https://access.redhat.com/errata/RHSA-2025:17086
- https://access.redhat.com/errata/RHSA-2025:17087
- https://access.redhat.com/errata/RHSA-2025:17088
- https://access.redhat.com/errata/RHSA-2025:17129
- https://access.redhat.com/errata/RHSA-2025:17645
- https://access.redhat.com/errata/RHSA-2025:17646
- https://access.redhat.com/errata/RHSA-2025:17647
- https://access.redhat.com/errata/RHSA-2025:17648
- https://access.redhat.com/errata/RHSA-2025:17649
- https://access.redhat.com/security/cve/CVE-2025-7493
- https://bugzilla.redhat.com/show_bug.cgi?id=2389448
- http://www.openwall.com/lists/oss-security/2025/09/30/6
Closed vulnerabilities
Modified: 2026-03-04
BDU:2024-07705
Уязвимость интерфейса HID Profile (Human Interface Device) стека протоколов Bluetooth для ОС Linux BlueZ, позволяющая нарушителю выполнить произвольные команды
Modified: 2025-11-03
CVE-2024-8805
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177.