libipa_hbac-devel-2.11.1-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15751-1 Final 1 1 2025-11-20T00:00:00Z current 2025-11-20T00:00:00Z 2025-11-20T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libipa_hbac-devel-2.11.1-2.1 on GA media These are all security issues fixed in the libipa_hbac-devel-2.11.1-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15751 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-11561/ SUSE CVE CVE-2025-11561 page openSUSE Tumbleweed libipa_hbac-devel-2.11.1-2.1 libipa_hbac0-2.11.1-2.1 libnfsidmap-sss-2.11.1-2.1 libsss_certmap-devel-2.11.1-2.1 libsss_certmap0-2.11.1-2.1 libsss_idmap-devel-2.11.1-2.1 libsss_idmap0-2.11.1-2.1 libsss_nss_idmap-devel-2.11.1-2.1 libsss_nss_idmap0-2.11.1-2.1 python3-ipa_hbac-2.11.1-2.1 python3-sss-murmur-2.11.1-2.1 python3-sss_nss_idmap-2.11.1-2.1 python3-sssd-config-2.11.1-2.1 sssd-2.11.1-2.1 sssd-ad-2.11.1-2.1 sssd-cifs-idmap-plugin-2.11.1-2.1 sssd-dbus-2.11.1-2.1 sssd-ipa-2.11.1-2.1 sssd-kcm-2.11.1-2.1 sssd-krb5-2.11.1-2.1 sssd-krb5-common-2.11.1-2.1 sssd-ldap-2.11.1-2.1 sssd-proxy-2.11.1-2.1 sssd-tools-2.11.1-2.1 sssd-winbind-idmap-2.11.1-2.1 libipa_hbac-devel-2.11.1-2.1 as a component of openSUSE Tumbleweed libipa_hbac0-2.11.1-2.1 as a component of openSUSE Tumbleweed libnfsidmap-sss-2.11.1-2.1 as a component of openSUSE Tumbleweed libsss_certmap-devel-2.11.1-2.1 as a component of openSUSE Tumbleweed libsss_certmap0-2.11.1-2.1 as a component of openSUSE Tumbleweed libsss_idmap-devel-2.11.1-2.1 as a component of openSUSE Tumbleweed libsss_idmap0-2.11.1-2.1 as a component of openSUSE Tumbleweed libsss_nss_idmap-devel-2.11.1-2.1 as a component of openSUSE Tumbleweed libsss_nss_idmap0-2.11.1-2.1 as a component of openSUSE Tumbleweed python3-ipa_hbac-2.11.1-2.1 as a component of openSUSE Tumbleweed python3-sss-murmur-2.11.1-2.1 as a component of openSUSE Tumbleweed python3-sss_nss_idmap-2.11.1-2.1 as a component of openSUSE Tumbleweed python3-sssd-config-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-ad-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-cifs-idmap-plugin-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-dbus-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-ipa-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-kcm-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-krb5-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-krb5-common-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-ldap-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-proxy-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-tools-2.11.1-2.1 as a component of openSUSE Tumbleweed sssd-winbind-idmap-2.11.1-2.1 as a component of openSUSE Tumbleweed A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts. CVE-2025-11561 openSUSE Tumbleweed:libipa_hbac-devel-2.11.1-2.1 openSUSE Tumbleweed:libipa_hbac0-2.11.1-2.1 openSUSE Tumbleweed:libnfsidmap-sss-2.11.1-2.1 openSUSE Tumbleweed:libsss_certmap-devel-2.11.1-2.1 openSUSE Tumbleweed:libsss_certmap0-2.11.1-2.1 openSUSE Tumbleweed:libsss_idmap-devel-2.11.1-2.1 openSUSE Tumbleweed:libsss_idmap0-2.11.1-2.1 openSUSE Tumbleweed:libsss_nss_idmap-devel-2.11.1-2.1 openSUSE Tumbleweed:libsss_nss_idmap0-2.11.1-2.1 openSUSE Tumbleweed:python3-ipa_hbac-2.11.1-2.1 openSUSE Tumbleweed:python3-sss-murmur-2.11.1-2.1 openSUSE Tumbleweed:python3-sss_nss_idmap-2.11.1-2.1 openSUSE Tumbleweed:python3-sssd-config-2.11.1-2.1 openSUSE Tumbleweed:sssd-2.11.1-2.1 openSUSE Tumbleweed:sssd-ad-2.11.1-2.1 openSUSE Tumbleweed:sssd-cifs-idmap-plugin-2.11.1-2.1 openSUSE Tumbleweed:sssd-dbus-2.11.1-2.1 openSUSE Tumbleweed:sssd-ipa-2.11.1-2.1 openSUSE Tumbleweed:sssd-kcm-2.11.1-2.1 openSUSE Tumbleweed:sssd-krb5-2.11.1-2.1 openSUSE Tumbleweed:sssd-krb5-common-2.11.1-2.1 openSUSE Tumbleweed:sssd-ldap-2.11.1-2.1 openSUSE Tumbleweed:sssd-proxy-2.11.1-2.1 openSUSE Tumbleweed:sssd-tools-2.11.1-2.1 openSUSE Tumbleweed:sssd-winbind-idmap-2.11.1-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-11561.html CVE-2025-11561 https://bugzilla.suse.com/1251827 SUSE Bug 1251827