Moderate: kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241) * kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147) * kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222) * kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216) * kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662) * kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675) * kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690) * kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332) * kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901) * kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902) * kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633) * kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652) * kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647) * kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655) * kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941) * kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942) * kernel: zram: fix potential UAF of zram table (CVE-2025-21671) * kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680) * kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693) * kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691) * kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696) * kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702) * kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732) * kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795) * kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456) * kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987) * kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014) * kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988) * kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570) * kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004) * kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742) * kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743) * kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989) * kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015) * kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) * kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796) * kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786) * kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005) * kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013) * kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777) * kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738) * kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986) * kernel: padata: avoid UAF for reorder_work (CVE-2025-21726) * kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791) * kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020) * kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984) * kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761) * kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771) * kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981) * kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977) * kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790) * kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741) * kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785) * kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765) * kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006) * kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012) * kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750) * kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072) * kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069) * kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061) * kernel: idpf: convert workqueues to unbound (CVE-2024-58057) * kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828) * kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826) * kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077) * kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075) * kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837) * kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350) * kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357) * kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857) * kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851) * kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855) * kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844) * kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853) * kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847) * kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864) * kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088) * kernel: acct: perform last write from workqueue (CVE-2025-21846) * kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861) * kernel: io_uring: prevent opcode speculation (CVE-2025-21863) * kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976) * kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056) * kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749) * microcode_ctl: From CVEorg collector (CVE-2024-28956) * kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994) * kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116) * kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412) * kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369) * kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-x86-64-baseos-rpms kernel-6.12.0-124.8.1.el10_1.x86_64.rpm f990c2dca983f90c79190f85b2b928f18a918a36339400b8b14041806c191282 kernel-abi-stablelists-6.12.0-124.8.1.el10_1.noarch.rpm cf2f27485a692bfdcd43874fea44bab7e5b99670b75801c3af24937fae25e5a1 kernel-core-6.12.0-124.8.1.el10_1.x86_64.rpm 5615c4901c36f630952d003f5f6d679ad4ed6219dda582dfd10de81edc3889d0 kernel-debug-6.12.0-124.8.1.el10_1.x86_64.rpm 171a8040d4d730562cb54eb34dd3363ecc0010d47ece9ebcfc0cd2efbab20df6 kernel-debug-core-6.12.0-124.8.1.el10_1.x86_64.rpm e660702c4cb9d857f3f98a1c1d50390e66c765d20436f023a47a47df533b3443 kernel-debuginfo-common-x86_64-6.12.0-124.8.1.el10_1.x86_64.rpm a1135a260b0a76391c3b35bf8cb3e8772b01e3626797a6acf83afd91015b8c89 kernel-debug-modules-6.12.0-124.8.1.el10_1.x86_64.rpm 117614e654d40424964345355419ca89cbbcaf05400bd366ed298ecb8dde8f1c kernel-debug-modules-core-6.12.0-124.8.1.el10_1.x86_64.rpm 7283b4e28bc62c5bac8a90eb88dd5ef3ea319ea7f78115bd4b65fcb29d74354b kernel-debug-modules-extra-6.12.0-124.8.1.el10_1.x86_64.rpm a2ccc683b1d4cad5d922e9bd35388b2d95a54f16b3da7dceea09767579037da1 kernel-debug-uki-virt-6.12.0-124.8.1.el10_1.x86_64.rpm 535194ddbfb9332ffe5937b16b78616ca3bb502b98bd3f17447666d5c654fd04 kernel-modules-6.12.0-124.8.1.el10_1.x86_64.rpm 0c0004ea4a5db36b79a9feabd78655ccc6a4022e52466b83364f966627d6b584 kernel-modules-core-6.12.0-124.8.1.el10_1.x86_64.rpm a8ef4fe4f92533c3856c1d740d13c9b769d45d3834b73eb5b6bce06a27869e42 kernel-modules-extra-6.12.0-124.8.1.el10_1.x86_64.rpm fe8dc30f4b3d720049bac641f2214a61eb57d7ede1ca86a33db6c7b79b69aa5a kernel-modules-extra-matched-6.12.0-124.8.1.el10_1.x86_64.rpm 58a8daba528f0339fa88d7d27e177f2eed2fb6c962f33c8e023a0e3ad14e527d kernel-tools-6.12.0-124.8.1.el10_1.x86_64.rpm e82ca4e86c354486ff75811b57bc9883e0bb974d666c9ab3a357f999a64dd1e3 kernel-tools-libs-6.12.0-124.8.1.el10_1.x86_64.rpm 30fdf8c1e249d1a29fbef1accf6ed8676e26dfe942b08b0b1037e32207a1e631 kernel-uki-virt-6.12.0-124.8.1.el10_1.x86_64.rpm ac5b1360f99a05c4ff2a1c077696c2550de69d9f5a147b86a4ac2679604d7fd6 kernel-uki-virt-addons-6.12.0-124.8.1.el10_1.x86_64.rpm 41c4a70ab1de39048c1886d8729d00794a2d0f2cf6efe6b3fb5dea0b3ce53556 RLSA-2025:21248 Moderate: openssl security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for openssl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fix(es): * openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-baseos-rpms openssl-3.5.1-4.el10_1.x86_64.rpm 8af0e247976b2a47ed7dd987622134e2828f5b44d899cf497f7501326dadef1a openssl-libs-3.5.1-4.el10_1.x86_64.rpm 2c35528699551a907f1a722afe7b83c65ca17e1b0036ead629c863901b4edd49 RLSA-2025:21931 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CVE-2025-39730) * kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-baseos-rpms kernel-6.12.0-124.13.1.el10_1.x86_64.rpm d0702a7ff090703a9ebea4a175c1b274bac9ed84f45d9218f37c018fbd462304 kernel-abi-stablelists-6.12.0-124.13.1.el10_1.noarch.rpm 636c0acfab2af6d3ccf248a3393f7315d1d07c409a51148a4e31c720371b34f2 kernel-core-6.12.0-124.13.1.el10_1.x86_64.rpm 31d08db871e7363937a943d42b3484ef968aa974b5d34b0c9dacdae7faa82332 kernel-debug-6.12.0-124.13.1.el10_1.x86_64.rpm 96f6f4c52398984da0b60eff28ded9a403604bf688624dc2f2d7b6b0154f24c6 kernel-debug-core-6.12.0-124.13.1.el10_1.x86_64.rpm 3129b00c7c1cea25cce8f6b1d4bb6588627723c63f2938c90d717e4f1a35f1a3 kernel-debuginfo-common-x86_64-6.12.0-124.13.1.el10_1.x86_64.rpm d2395d135568ff56ae085fc5bf8883b82e0a2ffb8ae0b34589af2787d9a79178 kernel-debug-modules-6.12.0-124.13.1.el10_1.x86_64.rpm c1c737626aab3564d4e13f17e050e34537534c1ec6b81f5e29c8697d495ffada kernel-debug-modules-core-6.12.0-124.13.1.el10_1.x86_64.rpm ced6a6c051fc81f9c54d1d70e606d9a27603a44d36d5f3e0a5d91c09ab9f3f5b kernel-debug-modules-extra-6.12.0-124.13.1.el10_1.x86_64.rpm e850683b3aa3d84f0e72dc1d36cad23049647a13cb1521f9f0ea361982aa14d8 kernel-debug-uki-virt-6.12.0-124.13.1.el10_1.x86_64.rpm a0141d50c2b821c9e281381542eee165f5e250294d552987f0220092a6cefbe3 kernel-modules-6.12.0-124.13.1.el10_1.x86_64.rpm f0dde7091ff979df4ff659bffdc76cbda5ea40a41289be7677b35f6c39e2dcc8 kernel-modules-core-6.12.0-124.13.1.el10_1.x86_64.rpm e8f218e418e467a570baafdec937e6fc4cf6ff38298900c5626c34ed20774646 kernel-modules-extra-6.12.0-124.13.1.el10_1.x86_64.rpm fe952e0ec6be8acae4f444159c8115159a4ca72ac11904401e233f6b7244503b kernel-modules-extra-matched-6.12.0-124.13.1.el10_1.x86_64.rpm b82c0b8843535925af298f611af95fd5e539d3d0660a20ab22b3a1d9a8fc5840 kernel-tools-6.12.0-124.13.1.el10_1.x86_64.rpm fcd001643be434656f5f1880b12448bedf2ef8019ec92a6a0340cf9d6c1afc3a kernel-tools-libs-6.12.0-124.13.1.el10_1.x86_64.rpm 76aa2ba791267e0bd1a4af31b0dc1e9d9d80042c5c870331ec66005acfc2a426 kernel-uki-virt-6.12.0-124.13.1.el10_1.x86_64.rpm 1acca83af2623a12228acbcc677f288803c5f94de82edaa275cd6b478087e50e kernel-uki-virt-addons-6.12.0-124.13.1.el10_1.x86_64.rpm bac78c6067a5fbed4a31c3ed3da9d54102f18a757a1d2bfdfbada913363d9352 RLSA-2025:21020 Important: sssd security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for sssd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The System Security Services Daemon (SSSD) service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch (NSS) and the Pluggable Authentication Modules (PAM) interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-baseos-rpms libipa_hbac-2.11.1-2.el10_1.1.x86_64.rpm bad001a146f46c9dc8fe08f10792926a1e21b1d32c7e996ceeafa6f92847852e libsss_autofs-2.11.1-2.el10_1.1.x86_64.rpm 2ec7e9a487815c69574d06cf2ee07b19f4fa191c094ed19997b421c434815dde libsss_certmap-2.11.1-2.el10_1.1.x86_64.rpm 54eac306740f3c78836c127e86fa555d35b489f2b76c45c9679ce4f9267d4989 libsss_idmap-2.11.1-2.el10_1.1.x86_64.rpm f8d94fb2d62bd3001a2046f82e8f005c533a86f74b75af4ad527bbe5be5e6003 libsss_nss_idmap-2.11.1-2.el10_1.1.x86_64.rpm 04d33462dd10d608a88cc43c37eefc3d5f379b4ef7d974fae11a6305c0cf4c05 libsss_sudo-2.11.1-2.el10_1.1.x86_64.rpm 37542fb9b44177f308ab3fb81ba50a02b69ed545076bf874dc195561ce15e444 python3-libipa_hbac-2.11.1-2.el10_1.1.x86_64.rpm bf2426a3db93e0f42bcee926799138f821110cc4d8edf8a8b0274b593ab49da7 python3-libsss_nss_idmap-2.11.1-2.el10_1.1.x86_64.rpm 20e8c6b131f9167a69e170129ef17aca288a6c55452f2888c1e5092efb89c64a python3-sss-2.11.1-2.el10_1.1.x86_64.rpm 151dd9683e8d4a72d5465ace307186c0a341123caf70a2c9ec644eb538afd148 python3-sssdconfig-2.11.1-2.el10_1.1.noarch.rpm 036504dffa0918523b3b78d455c0d71feed0cdb451db730df99b6355a3b0c825 python3-sss-murmur-2.11.1-2.el10_1.1.x86_64.rpm 556d1171a17888ee476be668912994cb3b814707b9debc5f4841cd877873b932 sssd-2.11.1-2.el10_1.1.x86_64.rpm 32ca5cf0b49d9b039442b15112407cfa31a256783f6edbb0e8e86e864b8e480d sssd-ad-2.11.1-2.el10_1.1.x86_64.rpm 9f364b807b641ed843dd09bc94c3b3aadb53022301741c15c73c7425aaecc1e8 sssd-client-2.11.1-2.el10_1.1.x86_64.rpm 3da0afdb004952939789b2210e748427314fc81317e5635d170350e447b644fa sssd-common-2.11.1-2.el10_1.1.x86_64.rpm 6d44acd9118801009c5c8518e3d4c7c6d803e95c6df7c327d07077e91846f67d sssd-common-pac-2.11.1-2.el10_1.1.x86_64.rpm f369f2c8a9615cc10ee483cfae94a7303552ddf994ccb8e31cdb398e971d7858 sssd-dbus-2.11.1-2.el10_1.1.x86_64.rpm e08ef54e631b00dfa2df1da0b9829b2292a5bacae488999fefbb25fadf99fce6 sssd-ipa-2.11.1-2.el10_1.1.x86_64.rpm fb92e039ddaf20794ab899b6548cba92ad8ddf780cd2cc6e3b9d6442350b2146 sssd-kcm-2.11.1-2.el10_1.1.x86_64.rpm 5e9173ba3870ba74df9882d25d5bfb0de981abb0729be856250e1ae1ca8f4fb0 sssd-krb5-2.11.1-2.el10_1.1.x86_64.rpm 477de127d125bb4c3837aa7d98d9df1e9b49b12914b3230c92e6a014f3bebc7f sssd-krb5-common-2.11.1-2.el10_1.1.x86_64.rpm f602fa53e2d3a4b6a2cb9d601b083d78d52c888ce712be1e52e441c398eb3d05 sssd-ldap-2.11.1-2.el10_1.1.x86_64.rpm 74e7662fe637e4793fa40a66046234fcddb8887a1bf2e2595526899d4202c12e sssd-nfs-idmap-2.11.1-2.el10_1.1.x86_64.rpm ee908eb3aa05068d151c0354ea67fe3b78a6a52d23d653167bc2a573ab6f466c sssd-passkey-2.11.1-2.el10_1.1.x86_64.rpm c7b90178c33b98029e1932b5d6607e87b1955e8e0876be4b56e27beb29066db6 sssd-proxy-2.11.1-2.el10_1.1.x86_64.rpm f468f2c7e8a5c91374d378eb0c0d3e1b5bcb8434e0edd4681dcf21305e257ab8 sssd-tools-2.11.1-2.el10_1.1.x86_64.rpm a526fd4ab76319a529be5bba801ac0cee6023676586c7da8efed17ee5b13f7e4 sssd-winbind-idmap-2.11.1-2.el10_1.1.x86_64.rpm f801e7133fce40a14849206d73aedb527048d7f093dd6736d40e563525f7340f RLSA-2025:21038 Important: kea security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Invalid characters cause assert (CVE-2025-11232) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-x86-64-baseos-rpms kea-3.0.1-2.el10_1.x86_64.rpm b5f4e651c4525c608aae80acc54d49f46370ead7f521035d1ddce8b30f8a9ac9 kea-libs-3.0.1-2.el10_1.x86_64.rpm 80fd323f41516ab4e4dc0941e4f57d782fa8b0bddbf30073fa63f43684b9244a