RLSA-2025:20095 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241) * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147) * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222) * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216) * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662) * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675) * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690) * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332) * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901) * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902) * kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633) * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652) * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655) * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941) * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942) * kernel: zram: fix potential UAF of zram table (CVE-2025-21671) * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680) * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693) * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691) * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696) * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702) * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732) * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795) * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456) * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987) * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014) * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988) * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570) * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004) * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742) * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743) * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989) * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015) * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796) * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786) * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005) * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013) * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777) * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738) * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986) * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726) * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791) * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020) * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984) * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761) * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771) * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981) * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977) * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790) * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741) * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785) * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765) * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006) * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012) * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750) * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072) * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061) * kernel: idpf: convert workqueues to unbound (CVE-2024-58057) * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828) * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826) * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077) * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075) * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837) * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350) * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357) * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857) * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851) * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855) * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844) * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853) * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847) * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864) * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088) * kernel: acct: perform last write from workqueue (CVE-2025-21846) * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861) * kernel: io_uring: prevent opcode speculation (CVE-2025-21863) * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976) * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056) * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749) * microcode_ctl: From CVEorg collector (CVE-2024-28956) * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994) * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116) * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412) * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369) * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-ppc64le-baseos-rpms kernel-6.12.0-124.8.1.el10_1.ppc64le.rpm 7367469e00557dcfba2ba65c5fa5e7ea99d1ba2d2bd54ddc1660ea8301ac61dd kernel-abi-stablelists-6.12.0-124.8.1.el10_1.noarch.rpm cf2f27485a692bfdcd43874fea44bab7e5b99670b75801c3af24937fae25e5a1 kernel-core-6.12.0-124.8.1.el10_1.ppc64le.rpm 3cfdcfaeff43dc7473f8d801488ca296e8583d95439cc3837cdb8a6658ffb122 kernel-debug-6.12.0-124.8.1.el10_1.ppc64le.rpm 4bdaa1c4cdc68bb2878ff3ba2d78cd415bce41b33fa8ea389e573104f44e8191 kernel-debug-core-6.12.0-124.8.1.el10_1.ppc64le.rpm e53eff59ece93598891e7e87c5afdb3cfdc0c1df4714630c79fd688e2b005e07 kernel-debuginfo-common-ppc64le-6.12.0-124.8.1.el10_1.ppc64le.rpm 69044ac7aed9d00bd24366f8476367259fa6d313cfdcdc7b4f3d8e03523b2bbe kernel-debug-modules-6.12.0-124.8.1.el10_1.ppc64le.rpm 26c401d9ffcf7d1a24e211e24d7219c20c0b9c644db46a21d36562d2ca9bf2eb kernel-debug-modules-core-6.12.0-124.8.1.el10_1.ppc64le.rpm 32cbe24c01ee202bceb81355e36b7cd787a57e7c2c56c89ad628466ae12f85d8 kernel-debug-modules-extra-6.12.0-124.8.1.el10_1.ppc64le.rpm 100974dc4ffec9322c5a880c205bfc7520071e8cce430218cc695f8b7ceeada9 kernel-modules-6.12.0-124.8.1.el10_1.ppc64le.rpm 59231b62aadbee5b9a6a66e59a793bbfb55c62a5e5cea11a316b1b61378df8c2 kernel-modules-core-6.12.0-124.8.1.el10_1.ppc64le.rpm 8a31157eb7598573492515a7725f221971d684eaed44d3e0224329c222cb06ed kernel-modules-extra-6.12.0-124.8.1.el10_1.ppc64le.rpm fe612fd19b68b0fae82b3bc56058c8543f1e4c355fa194d5a4bb5072f8e36510 kernel-modules-extra-matched-6.12.0-124.8.1.el10_1.ppc64le.rpm e51476d63a1f4895dafb936efef462907f2918242ae2ed45da2527e2dad26112 kernel-tools-6.12.0-124.8.1.el10_1.ppc64le.rpm 3ba30e161bdc812285160748d273eaa0afe1d416e0c4615da6f3aac8763afcc4 kernel-tools-libs-6.12.0-124.8.1.el10_1.ppc64le.rpm 057c7d11d5fe2fbeb18c20db3486cef694b5b2d62c88171b1fed65260237156e RLSA-2025:21248 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-ppc64le-baseos-rpms openssl-3.5.1-4.el10_1.ppc64le.rpm 80acb3b68836d5c73cb2f967abd8631491a30096490e9c211db715d1b561e7ed openssl-libs-3.5.1-4.el10_1.ppc64le.rpm fbfcf26f6cefee83791604bb99a0155ce9a8ae43506fb4e8a823149bfc270481 RLSA-2025:21931 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730) * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-ppc64le-baseos-rpms kernel-6.12.0-124.13.1.el10_1.ppc64le.rpm fec66bf916967a51a519b5996a62ae3fc914484689585b0235231f612adddd8f kernel-abi-stablelists-6.12.0-124.13.1.el10_1.noarch.rpm 636c0acfab2af6d3ccf248a3393f7315d1d07c409a51148a4e31c720371b34f2 kernel-core-6.12.0-124.13.1.el10_1.ppc64le.rpm 4d7f6673f04e26a2960a2a1ba710b51bf9d472cadfbdcca45e6cbddd6534f604 kernel-debug-6.12.0-124.13.1.el10_1.ppc64le.rpm 8eb2c3fc92a390de22a45701358a112fb378ce0043114e27c3378ec398e8368a kernel-debug-core-6.12.0-124.13.1.el10_1.ppc64le.rpm bda197b2ff49c9ad7f932ba6b616ea194466fa8e29eb9317aeed861a1f8e741b kernel-debuginfo-common-ppc64le-6.12.0-124.13.1.el10_1.ppc64le.rpm c15350b57a33be4a94ad736903a253a19098044f2317a8205e3caa8de3bc8d54 kernel-debug-modules-6.12.0-124.13.1.el10_1.ppc64le.rpm 43326d6eade9bf97eb6d4568f0681a87d7813206f531b792ddcec325ea4b57d4 kernel-debug-modules-core-6.12.0-124.13.1.el10_1.ppc64le.rpm 81309ea38df316e15647e99a731def6e4e357d3c27f36cc1c2fb2907ac176931 kernel-debug-modules-extra-6.12.0-124.13.1.el10_1.ppc64le.rpm a10b0a70f55cade1d055492f55e3cfe8451649f7e7bd3701f6bbc16c1fa03e62 kernel-modules-6.12.0-124.13.1.el10_1.ppc64le.rpm 2fcd9d8126aaf73417e8930be0978969b19b75a8b5f089a35d439c36be0b95e3 kernel-modules-core-6.12.0-124.13.1.el10_1.ppc64le.rpm 9fb1a63980c0d0a562f3318f3dcb901c76a489fca159e782d39fa19dcf88aa11 kernel-modules-extra-6.12.0-124.13.1.el10_1.ppc64le.rpm 53227906bf627c35afb0cb187a08a7fa213a7dbd044073c1b4785e9254d23135 kernel-modules-extra-matched-6.12.0-124.13.1.el10_1.ppc64le.rpm 3a156f7ff3297e82a480befb6c2690b05db722fa8ffebed5779105826dee8f1f kernel-tools-6.12.0-124.13.1.el10_1.ppc64le.rpm 9cecccc4bd7254574eeb21c66464febe66fb788c0b46fb3264b7e250af636098 kernel-tools-libs-6.12.0-124.13.1.el10_1.ppc64le.rpm 61f78ddf4df98674769cfd1b104625fe8ed69e4ba164258e274cc2ea4d326454 RLSA-2025:20145 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Low

An update is available for shadow-utils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts. Security Fix(es): * shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-ppc64le-baseos-rpms shadow-utils-4.15.0-8.el10.ppc64le.rpm c5672797b381b4a8c9f0c7d25a1a16e8553a4ea47e5651e8a97d8a59d8ac8b52 shadow-utils-subid-4.15.0-8.el10.ppc64le.rpm 7990148ac5c3d14768caaee79c1db662e373c912a6f3f28a633c74acf436c48d RLSA-2025:21020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-ppc64le-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.ppc64le.rpm f13c2c7dbcf1cab904e1d3b57c39d29b49d2b7c74803c1eda212481be881eaf3 libsss_autofs-2.11.1-2.el10_1.1.ppc64le.rpm 2c6e7b93ebc8b3b0774fd6f222ee331313f37ad5624b31da978f3d20f41841da libsss_certmap-2.11.1-2.el10_1.1.ppc64le.rpm 1bf8b2924e823142954d0085743541d7a2b829ea750a2105baa963ea2a31b963 libsss_idmap-2.11.1-2.el10_1.1.ppc64le.rpm d1e03a69a780c617391c7038682dbdfe81f7868b55ef133e27dfe161b11c1d75 libsss_nss_idmap-2.11.1-2.el10_1.1.ppc64le.rpm 42452353ff4d1931e35b65f8387974fea90ee0e0fc9d12b1f131f225f8704a1c libsss_sudo-2.11.1-2.el10_1.1.ppc64le.rpm 5db786bcafd004d8b5210c8054c5eeb1dd5762fd72aad4b1e4a12f970ebd84c8 python3-libipa_hbac-2.11.1-2.el10_1.1.ppc64le.rpm 049cff0e7f8c017446e6b85f4b32b93e5988934d02c26a66ce70d8d14f17c87d python3-libsss_nss_idmap-2.11.1-2.el10_1.1.ppc64le.rpm 9cd2803bda5bc694bd0ea25da33c087954175d51be8d8f1d96f271e4f05593bd python3-sss-2.11.1-2.el10_1.1.ppc64le.rpm 90a09aa30ca5d89365d646fc204db3ccd79406ad64ce8708e5a8046151e00089 python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.ppc64le.rpm 9edb8bc33e68f428f167cd5887dc5805815c017e7f8ce88f53b8dba9b918ac79 sssd-2.11.1-2.el10_1.1.ppc64le.rpm 447649cd26ff1fd95b9bb27695d5ad0985b0de1502e788f698c73d4b01790b0d sssd-ad-2.11.1-2.el10_1.1.ppc64le.rpm 524dd49f72d9831f7c975ab066ae6f7691d57b29a885a7235a9768737afd9ae8 sssd-client-2.11.1-2.el10_1.1.ppc64le.rpm 539a9497f05088afd124e2a3461063e20391387b4513b8917baa69ace45721e0 sssd-common-2.11.1-2.el10_1.1.ppc64le.rpm 3a20a07cf18521e2de4f52decd3f1e7fefeb429e05470a26c2a6dc9f70b3ff35 sssd-common-pac-2.11.1-2.el10_1.1.ppc64le.rpm e3b44229da95545017e17b36fb8853309b140e50a5c7fd30aa8a2fc8cc2b6133 sssd-dbus-2.11.1-2.el10_1.1.ppc64le.rpm 759ebed303a71d400897a2386e42be0345aff061a24106bf8aa7e08c562d120b sssd-ipa-2.11.1-2.el10_1.1.ppc64le.rpm 439382032170e983adee8def08c4724f2f6e7c50a5e396f2b8b9cf5a56dd72ca sssd-kcm-2.11.1-2.el10_1.1.ppc64le.rpm 4328e2b80f2b9f42e0b73902b9ae67b0ea09df032cfe60ab11fca9e4dcf29fca sssd-krb5-2.11.1-2.el10_1.1.ppc64le.rpm 43d763488385be0afde5402fd663f3ea9e46d7d1af731d54e2f688d356fdda54 sssd-krb5-common-2.11.1-2.el10_1.1.ppc64le.rpm 0f5a1e3e76bc76e1f40072938c44390453615c0c525d1670810765e2a26210e6 sssd-ldap-2.11.1-2.el10_1.1.ppc64le.rpm cec8388851566c003eac0d35bd2901bdd0949b7691e850ee33cf694131883899 sssd-nfs-idmap-2.11.1-2.el10_1.1.ppc64le.rpm b0afa01dcbac34322a4e38a8205b7bfc03a41b3b2ead48daa77f40d2fee904d8 sssd-passkey-2.11.1-2.el10_1.1.ppc64le.rpm fc27025a9ee7a8de3d4d9c21258119bda1f53806797ec5b5f37b8471bad7ef20 sssd-proxy-2.11.1-2.el10_1.1.ppc64le.rpm debfcef838c23d8a96b2b3866be2dfdd65bc5a8262f8de681cd37f0ddb896700 sssd-tools-2.11.1-2.el10_1.1.ppc64le.rpm d49f0e11cccf44548819af32abd06e082ec93a3ad3a4fc1565a7290ddd37c848 sssd-winbind-idmap-2.11.1-2.el10_1.1.ppc64le.rpm 93e05600f18a921c99e2a3e8044c9626e358cb3956e68a87b68c826c6dbc5978 RLSA-2025:21038 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-ppc64le-baseos-rpms kea-3.0.1-2.el10_1.ppc64le.rpm 6631f25acb1168d6d93ff1f3eb2afd83d31dc9e4b0e97078f76a1820f38491bc kea-libs-3.0.1-2.el10_1.ppc64le.rpm 6e2da48d24684ccf8d2c18630a52d8facac20b9977f0c89f99d90d4d5e2a6f3d