After startup SSSD already creates a Kerberos configuration snippet in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin if the AD or IPA providers are used. This enables SSSD's localauth plugin. Starting with this update the an2ln plugin is disabled in the configuration snippet as well. If this file or its content are included in the Kerberos configuration (a default on Fedora) it will fix CVE-2025-11561.
Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:
sudo dnf upgrade --refresh --advisory=FEDORA-2025-5f49ddd4afPlease log in to add feedback.
This update has been submitted for testing by atikhonov.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'failed'.
This update's test gating status has been changed to 'passed'.
No errors observed. Silverblue 42.20251020.0
This update has been pushed to testing.
no regressions noted
This update can be pushed to stable now if the maintainer wishes
This update has been submitted for stable by bodhi.
This update has been pushed to stable.