SUSE-SU-2025:4181-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2025/suse-su-20254181-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:4181-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/SUSE-SU-2025:4181-1

Upstream

CVE-2025-11561

Related

CVE-2025-11561

Published

2025-11-24T07:55:35Z

Modified

2025-11-25T02:02:50.683180Z

Summary

Security update for sssd

Details

This update for sssd fixes the following issues:

CVE-2025-11561: Fixed privilege escalation on AD-joined Linux systems due to default Kerberos configuration disabling localauth an2ln plugin (bsc#1251827)

Other fixes:

Install file in krb5.conf.d to include sssd krb5 config snippets (bsc#1244325)

References

Affected packages

SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS

sssd

Package

Name: sssd
Purl: pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-150400.4.40.1

Ecosystem specific

{
    "binaries": [
        {
            "sssd-dbus": "2.5.2-150400.4.40.1",
            "sssd-krb5-common": "2.5.2-150400.4.40.1",
            "sssd-proxy": "2.5.2-150400.4.40.1",
            "sssd-common": "2.5.2-150400.4.40.1",
            "libsss_nss_idmap0": "2.5.2-150400.4.40.1",
            "sssd-winbind-idmap": "2.5.2-150400.4.40.1",
            "libsss_simpleifp0": "2.5.2-150400.4.40.1",
            "libsss_certmap0": "2.5.2-150400.4.40.1",
            "libsss_certmap-devel": "2.5.2-150400.4.40.1",
            "libsss_idmap0": "2.5.2-150400.4.40.1",
            "sssd-tools": "2.5.2-150400.4.40.1",
            "sssd-ldap": "2.5.2-150400.4.40.1",
            "sssd": "2.5.2-150400.4.40.1",
            "libsss_idmap-devel": "2.5.2-150400.4.40.1",
            "libsss_nss_idmap-devel": "2.5.2-150400.4.40.1",
            "sssd-krb5": "2.5.2-150400.4.40.1",
            "libipa_hbac0": "2.5.2-150400.4.40.1",
            "python3-sssd-config": "2.5.2-150400.4.40.1",
            "sssd-kcm": "2.5.2-150400.4.40.1",
            "libsss_simpleifp-devel": "2.5.2-150400.4.40.1",
            "sssd-ad": "2.5.2-150400.4.40.1",
            "sssd-common-32bit": "2.5.2-150400.4.40.1",
            "sssd-ipa": "2.5.2-150400.4.40.1",
            "libipa_hbac-devel": "2.5.2-150400.4.40.1"
        }
    ]
}

SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS

sssd

Package

Name: sssd
Purl: pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-150400.4.40.1

Ecosystem specific

{
    "binaries": [
        {
            "sssd-dbus": "2.5.2-150400.4.40.1",
            "sssd-krb5-common": "2.5.2-150400.4.40.1",
            "sssd-proxy": "2.5.2-150400.4.40.1",
            "sssd-common": "2.5.2-150400.4.40.1",
            "libsss_nss_idmap0": "2.5.2-150400.4.40.1",
            "sssd-winbind-idmap": "2.5.2-150400.4.40.1",
            "libsss_simpleifp0": "2.5.2-150400.4.40.1",
            "libsss_certmap0": "2.5.2-150400.4.40.1",
            "libsss_certmap-devel": "2.5.2-150400.4.40.1",
            "libsss_idmap0": "2.5.2-150400.4.40.1",
            "sssd-tools": "2.5.2-150400.4.40.1",
            "sssd-ldap": "2.5.2-150400.4.40.1",
            "sssd": "2.5.2-150400.4.40.1",
            "libsss_idmap-devel": "2.5.2-150400.4.40.1",
            "libsss_nss_idmap-devel": "2.5.2-150400.4.40.1",
            "sssd-krb5": "2.5.2-150400.4.40.1",
            "libipa_hbac0": "2.5.2-150400.4.40.1",
            "python3-sssd-config": "2.5.2-150400.4.40.1",
            "sssd-kcm": "2.5.2-150400.4.40.1",
            "libsss_simpleifp-devel": "2.5.2-150400.4.40.1",
            "sssd-ad": "2.5.2-150400.4.40.1",
            "sssd-common-32bit": "2.5.2-150400.4.40.1",
            "sssd-ipa": "2.5.2-150400.4.40.1",
            "libipa_hbac-devel": "2.5.2-150400.4.40.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.3

sssd

Package

Name: sssd
Purl: pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Micro%205.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-150400.4.40.1

Ecosystem specific

{
    "binaries": [
        {
            "sssd-krb5-common": "2.5.2-150400.4.40.1",
            "libsss_idmap0": "2.5.2-150400.4.40.1",
            "sssd-common": "2.5.2-150400.4.40.1",
            "libsss_certmap0": "2.5.2-150400.4.40.1",
            "libsss_nss_idmap0": "2.5.2-150400.4.40.1",
            "sssd": "2.5.2-150400.4.40.1",
            "sssd-ldap": "2.5.2-150400.4.40.1"
        }
    ]
}

SUSE:Linux Enterprise Micro 5.4

sssd

Package

Name: sssd
Purl: pkg:rpm/suse/sssd&distro=SUSE%20Linux%20Enterprise%20Micro%205.4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.5.2-150400.4.40.1

Ecosystem specific

{
    "binaries": [
        {
            "sssd-krb5-common": "2.5.2-150400.4.40.1",
            "libsss_idmap0": "2.5.2-150400.4.40.1",
            "sssd-common": "2.5.2-150400.4.40.1",
            "libsss_certmap0": "2.5.2-150400.4.40.1",
            "libsss_nss_idmap0": "2.5.2-150400.4.40.1",
            "sssd": "2.5.2-150400.4.40.1",
            "sssd-ldap": "2.5.2-150400.4.40.1"
        }
    ]
}