Описание
Important: kea security update
DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon.
Security Fix(es):
-
kea: Loading a malicious hook library can lead to local privilege escalation (CVE-2025-32801)
-
kea: Insecure handling of file paths allows multiple local attacks (CVE-2025-32802)
-
kea: Insecure file permissions can result in confidential information leakage (CVE-2025-32803)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 10
Связанные CVE
Исправления
- Red Hat - 2366362
- Red Hat - 2367495
- Red Hat - 2367496
Связанные уязвимости
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.