Key vulnerability information

Advisory ID: RHSA-2025:21138
Release date: 2025-11-12
Updated: 2025-11-12
Severity: Important

Vulnerability overview

Title: python-kdcproxy security update

Security vulnerabilities fixed:
- CVE-2025-59088: Unauthenticated SSRF via Realm-Controlled DNS SRV
- CVE-2025-59089: Remote DoS via unbounded TCP upstream buffering

Affected products

- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Solution

For details, see: https://access.redhat.com/articles/11258

Related links

Security advisory classification: https://access.redhat.com/security/updates/classification/#important