Red Hat Product Errata RHSA-2025:9194 - Security Advisory
Issued:
2025-06-17
Updated:
2025-06-17

RHSA-2025:9194 - Security Advisory

Synopsis

Important: idm:DL1 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the idm:DL1 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-4404)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

  • BZ - 2364606 - CVE-2025-4404 freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
ipa-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.src.rpm SHA-256: 6adc994edcdb53b1d3c19ba79500ef033d1ef1a4914b5bc20c82ad793e73f107
ipa-healthcheck-0.4-4.module+el8.2.0+5496+53199ee7.src.rpm SHA-256: 267276508adaaa58dffebf147a0f7e2679fe1a1de8b837b8f00baa0be3357438
python-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: d6c8668b633458beb143b1d3caf37c0c12739898645147b534a2b8d42f60adf7
python-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: 09bfe13452ed43252f7f8145ff00567d4d0b4afab9d53c0aee653b4062d0f575
python-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: 7af6d10402c3398ee50b632743716aefacfeb6eb565a61f5555e3333a2f1d1db
pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.src.rpm SHA-256: 21be100ceaf3121d69ee92097405c55597957a05f954570f41ade89e4ceabfc9
bind-dyndb-ldap-11.2-3.module+el8.2.0+21753+7109ce90.3.src.rpm SHA-256: ef6c9b71d85b77d3f2407ab6ed68e29189708e6c705d5e8de4a002e6c58a0bfc
custodia-0.6.0-3.module+el8.1.0+4098+f286395e.src.rpm SHA-256: b6100bdac9432491fa4251dd7d842fdd781e144a5e8218dfe4fc2c7b7c82e395
ipa-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.src.rpm SHA-256: 63ba2a415e53171db9c4476f39a10940670d910d063e7d461414c18702da68a4
ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f.src.rpm SHA-256: 89f0b271c38debacd9e806496fa9a353e8052413b78856b15b4aa1d0782f6da9
ipa-idoverride-memberof-0.0.4-6.module+el8.1.0+4098+f286395e.src.rpm SHA-256: 5886821428f563f2d337678d75a64dec040f37f1611ecbc1203ef42cd6379dc6
opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.src.rpm SHA-256: e045eb69fb90d38ade7c30a3391de3d455e728c8f27a4e95674993c0ddd2d0eb
python-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.src.rpm SHA-256: bb16a237e70d1ca926e78e44749af20a2a638021634a6577a2975acde7f18b17
python-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.src.rpm SHA-256: 9f115ba78e802faaad70ed34c4993fe93800eaf7fe99ec7ccb1ca4455d7b3b85
python-qrcode-5.1-12.module+el8.1.0+4098+f286395e.src.rpm SHA-256: 2bfceb8a4bbb850a9aefc6c4f3ae41aa5ceafd5332de472e7bba7355de784285
python-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.src.rpm SHA-256: 0260dd85e9c42230410a89062e79eb26bea8cd2b9609564d8f880328368ab597
pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.src.rpm SHA-256: ff485d9fb55ced1abc92c78709333b4be6b1b94ac4fd5a0c18385571384511a5
slapi-nis-0.56.3-3.module+el8.2.0+10782+8facb0b2.src.rpm SHA-256: cc391aac31b9ad46a20a89e2240c020151cdbee894f961fecf1dcddf419017cb
softhsm-2.4.0-4.module+el8.2.0+5779+a38c524f.src.rpm SHA-256: 58569bd888c6adae41239ee0a0c5b379d4654b03a436dc80b2f893e67f42835f
x86_64
ipa-client-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.x86_64.rpm SHA-256: 1bed170e1193870406db03dad26636af4ea7a7b86621f255f06e6340b0c6b491
ipa-client-common-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.noarch.rpm SHA-256: 5cd44c04c2f2d1b15950c04269f1e95febf77339fcae65f3a18a0122e06b4303
ipa-client-debuginfo-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.x86_64.rpm SHA-256: 9b2b601ab5d04647609e67480431ffd473407bea2e3607bee79bbf2b26fdf5a8
ipa-client-samba-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.x86_64.rpm SHA-256: 54c04554123e227a81b450c24af784306b6d5618eb46b7098a26932c81d5e9a1
ipa-common-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.noarch.rpm SHA-256: e55cf96ba59e3dae4606814304c7a1213aa475b5fd41a22f95edd070a324bd02
ipa-debuginfo-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.x86_64.rpm SHA-256: eeb081777afae2d52f053a97815eefb2ca179c56d73c04f831ffd65011fb84a4
ipa-debugsource-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.x86_64.rpm SHA-256: 36c319d4a3f5a8e2af093b6a9e12f0fdfe5e1df8883d335c0b616f5e69dae6e8
ipa-healthcheck-core-0.4-4.module+el8.2.0+5496+53199ee7.noarch.rpm SHA-256: 647f6d2c11e42db795a09c53d01ebe85da46564d91eb3ef5d26ed742061ab59e
ipa-python-compat-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.noarch.rpm SHA-256: a44fa1bb670e02450e9bd9aff39e9f7581c47bddc0bcb6b31b6f621c346192b5
python3-ipaclient-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.noarch.rpm SHA-256: f0ee1ff5e9df4ea62d0b8e3235ff618e05c48ccd1456005ab44aa0fec9186820
python3-ipalib-4.8.4-14.module+el8.2.0+23212+8be8acd6.6.noarch.rpm SHA-256: 79f0dd6a58c8b53849cc852f9177dd51bbf1d7dea888aaa761e5d6c993fd9578
python3-jwcrypto-0.5.0-1.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 8d803be7455a18c9905fd02dfd6c3e2218fe5c1b1353cf9913d186242ffb0f3a
python3-pyusb-1.0.0-9.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 6ff9292dc2cb4bb68316c41ff47410ffde0f716e917a782c4b26ea8b92a46cb8
python3-qrcode-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 0a1c17a0cd49cccff754e8e648a0a7328b8cac0dac0c49db09d537c36b2c4012
python3-qrcode-core-5.1-12.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: 00765719f0ae1a8b21d28a87542a627d1d98d7420c2506850adc99e16ddaf709
python3-yubico-1.3.2-9.module+el8.1.0+4107+4a66eb87.noarch.rpm SHA-256: ed59d3c8ee0a4bfde5550547bee128a96c3d06b4eb1b2c78d2d9ee408809c23c
bind-dyndb-ldap-11.2-3.module+el8.2.0+21753+7109ce90.3.x86_64.rpm SHA-256: 7e8c92f0e0f35c31e7d54f305301e4293318687c9cdd53b5c8270ba49fc1dc99
bind-dyndb-ldap-debuginfo-11.2-3.module+el8.2.0+21753+7109ce90.3.x86_64.rpm SHA-256: f1867d119f8a773193ee6db57466469162d2987a4ab60dc3f98fc427a6fdc756
bind-dyndb-ldap-debugsource-11.2-3.module+el8.2.0+21753+7109ce90.3.x86_64.rpm SHA-256: e7b2db5428fe8e360b53847fd356daab4c476c14d1dbf19e7297a80403d8707b
custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 0e4a6b39176aec62a46d78dc25190c73e74a13a9cab03c6fb3a01c87a50985c1
ipa-client-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: d7c9fd7ec9b22b1846465d3770aa8029b3f19dfd6660c36eacef2e0beac23e90
ipa-client-common-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: c8d1006927f9c069617af55a6a61ca67c881d1114f6f80a901542aa326c38d50
ipa-client-debuginfo-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: d89d9b203ec45ae8ef79ce9a093072dea6b1bee64fc9b1efd68a163f19ccbc8a
ipa-client-samba-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: 5686ed05fa98d3b05b4356787c63b43e454d2f908aeb0c1f4249a191afd90dba
ipa-common-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: b9492ce70a3c32ae6d89ab5f37a54a3e5c480274e74346c12a4449d389e66031
ipa-debuginfo-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: 49b308b92c1a6151d7dff74ab741ebf82561594ca4790c65fda116ffa47ceb06
ipa-debugsource-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: 2bfd5ecae3dfcf3e49cc36fd56da0f5ce8dfa38a5636fe56cf11c818b97777e0
ipa-healthcheck-0.4-4.module+el8.2.0+5489+95477d9f.noarch.rpm SHA-256: e32a9cd21fe502359ead7cc02b18f1a7cd343d64bb6849f8993b6232d8e4e11a
ipa-healthcheck-core-0.4-4.module+el8.2.0+5489+95477d9f.noarch.rpm SHA-256: f70d8feab6aff70adf93da9ca66543ecba4cb4d205c2feb90f603661a3eff1f9
ipa-idoverride-memberof-plugin-0.0.4-6.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: b7ffef204b68de5a12d757d50d1c081bbd3d49781dfe9e0398187dc117ca97a9
ipa-python-compat-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: 06c3e1fd1680b9774169ff162810d04fe5974155d03b16b6de0a91db5674eac3
ipa-server-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: f9d47f443e2090ccdb61a3ea7ce685e2793a4ea48b08884c14d3a21c0494be91
ipa-server-common-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: 1b6d81bf298a9e9a3c1aa681bda65e6ad5ca0f6fee82104baef4b9f7cebde97e
ipa-server-debuginfo-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: c6e05b7ef218e5c2c15371249834b2409a5afb39a95b417fdaceeb848045428d
ipa-server-dns-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: 4b1665f3b479a71d6b42d2b71d6fc5506609201e635deb6fc408d28e3fcfbc3c
ipa-server-trust-ad-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: d59863a468bb5a60e87130f3c87ffe7cfc3356927162dfcd83dde1f43bee15d3
ipa-server-trust-ad-debuginfo-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.x86_64.rpm SHA-256: d3b6ca08032910213cef517b58717fcbd45ad4353a15461b0d0fc26ea78ae94f
opendnssec-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: 28c73e253d4c445f617f5c6b6d40980b427da749765315dbda1563efab11b309
opendnssec-debuginfo-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: c45a46373074e055a6511e2ebe3b6c0defa7d6c39f31a1aaefb2e69e196f99f0
opendnssec-debugsource-1.4.14-1.module+el8.1.0+4098+f286395e.x86_64.rpm SHA-256: 0a6afbdbd46d7ba2070375fd2afb7a3d826c9c63e16f61e3b0adaf681d2c8040
python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 2fbace8f9985587a09e887a249b2c30d5a7b13be0af41d9992b8fb33b74856cf
python3-ipaclient-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: 799a981be81b2c2663f9a4a316915ccd7451a29641c17566afcb85710245ca79
python3-ipalib-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: 842056c7404322ffb237c74f414fbae901ec8f098a61a3047aae16036fb06fcb
python3-ipaserver-4.8.4-14.module+el8.2.0+23213+bc8e4dd2.6.noarch.rpm SHA-256: e472f69ec89c8bfb2afde1dc6c201e65cef84e41a24afdd8c64d9de737a82c96
python3-jwcrypto-0.5.0-1.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 6eb7e382f990ab745a4329bf863fdbca79c081744846e60d3c2a095dd513cf39
python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456.noarch.rpm SHA-256: 4b3636274d0f8dcc626a2cd94e867ce82283cf4b4d7cb3fb877941fbd02556d7
python3-pyusb-1.0.0-9.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: f55b57ab9e903c42846aafd7c836d00f8a1badd1a6077cf8f2434c915cd10e16
python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 6405e36fd8855d158dd2423986e2efc96f6da2add80b2feb225252df19ccc205
python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 1c0da67aa395b5bddd167b655713c711e6768f21e7d76c5c9c1533b6b2ac299e
python3-yubico-1.3.2-9.module+el8.1.0+4098+f286395e.noarch.rpm SHA-256: 312f69eeaf58f3b78d691bcc3c381a57a294f2e2e783013935c1111f528e0aaf
slapi-nis-0.56.3-3.module+el8.2.0+10782+8facb0b2.x86_64.rpm SHA-256: 4975dcb06166c26db16f28b3dfa1bcc18165bb10c2d8f07fcb1647798b6099f2
slapi-nis-debuginfo-0.56.3-3.module+el8.2.0+10782+8facb0b2.x86_64.rpm SHA-256: 0ad3ba295bc42fc9e715acad896d8332c3d01fa824fb1a103e9f653350a31879
slapi-nis-debugsource-0.56.3-3.module+el8.2.0+10782+8facb0b2.x86_64.rpm SHA-256: 0799e263c140d29176cbdd85a2c341ca3cef6fa1284e9d87fdce3948a506149a
softhsm-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: 3a11f010c185650003a3753461e8eb80a7538741e33221a469b5bb6ff6a5e8c9
softhsm-debuginfo-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: d9156e94eac4324b32c0d980280595bc419670e7ee00f3c3ef555cf8fddd1521
softhsm-debugsource-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: fe0df40e440970b54f8fe47eea828a8cfb384cbf18a5067304f84c235e1544f8
softhsm-devel-2.4.0-4.module+el8.2.0+5779+a38c524f.x86_64.rpm SHA-256: 8a4aff3af635ce962452d0be7f5c371a3da3ae670f0651de03e0e0dc203caa58

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.