CVE-2025-7493: host to admin escalation prevention: https://www.freeipa.org/release-notes/4-12-5.html
Rebuild for Python 3.14.0rc3
Update FreeIPA to latest fixes from ipa-4-12 branch
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2025-54a485ee85Please log in to add feedback.
This update has been submitted for testing by abbra.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
This update has been pushed to testing.
abbra edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update has been submitted for testing by abbra.
abbra edited this update.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'failed'.
Need to rebuild with a version fix -- metadata still has 4.12.2 in it, so instead of 4.12.5-1.fc43 we end up with 4.12.2-1.fc43 which is lower than the previous version and IPA upgrader refuses to downgrade, resulting in a refusal to start IPA services. New build is coming.
abbra edited this update.
New build(s):
Removed build(s):
Karma has been reset.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'passed'.
SELinux AVCs are known and related to new systemd/ssh helpers. Already supported in selinux-policy in updates-testing.
Correctly fixes the CVE
This update has been pushed to testing.
Pass tests in ansible-freeipa and fixes CVE.
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by abbra.
This update has been pushed to stable.