Описание
Security update for kea
This update for kea fixes the following issues:
Update to release 3.0.1:
- CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection (bsc#1248801).
Список пакетов
openSUSE Leap 16.0
kea-3.0.1-160000.1.1
kea-devel-3.0.1-160000.1.1
kea-doc-3.0.1-160000.1.1
kea-hooks-3.0.1-160000.1.1
libkea-asiodns62-3.0.1-160000.1.1
libkea-asiolink88-3.0.1-160000.1.1
libkea-cc82-3.0.1-160000.1.1
libkea-cfgrpt3-3.0.1-160000.1.1
libkea-config83-3.0.1-160000.1.1
libkea-cryptolink64-3.0.1-160000.1.1
libkea-d2srv63-3.0.1-160000.1.1
libkea-database76-3.0.1-160000.1.1
libkea-dhcp109-3.0.1-160000.1.1
libkea-dhcp_ddns68-3.0.1-160000.1.1
libkea-dhcpsrv130-3.0.1-160000.1.1
libkea-dns71-3.0.1-160000.1.1
libkea-eval84-3.0.1-160000.1.1
libkea-exceptions45-3.0.1-160000.1.1
libkea-hooks119-3.0.1-160000.1.1
libkea-http87-3.0.1-160000.1.1
libkea-log-interprocess3-3.0.1-160000.1.1
libkea-log75-3.0.1-160000.1.1
libkea-mysql88-3.0.1-160000.1.1
libkea-pgsql88-3.0.1-160000.1.1
libkea-process90-3.0.1-160000.1.1
libkea-stats53-3.0.1-160000.1.1
libkea-tcp33-3.0.1-160000.1.1
libkea-util-io12-3.0.1-160000.1.1
libkea-util101-3.0.1-160000.1.1
python3-kea-3.0.1-160000.1.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1248801
- SUSE CVE CVE-2025-40779 page
Описание
If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0.
Затронутые продукты
openSUSE Leap 16.0:kea-3.0.1-160000.1.1
openSUSE Leap 16.0:kea-devel-3.0.1-160000.1.1
openSUSE Leap 16.0:kea-doc-3.0.1-160000.1.1
openSUSE Leap 16.0:kea-hooks-3.0.1-160000.1.1
Ссылки
- CVE-2025-40779
- SUSE Bug 1248801