Security update for kea
| Announcement ID: | SUSE-SU-2026:20989-1 |
|---|---|
| Release Date: | 2026-04-01T09:24:21Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: | |
| Affected Products: | |
An update that solves two vulnerabilities can now be installed.
Description:
This update for kea fixes the following issues:
Update to 3.0.3:
- CVE-2025-11232: invalid characters cause assert (bsc#1252863).
- CVE-2026-3608: stack overflow via maliciously crafted message (bsc#1260380).
Changelog:
- A large number of bracket pairs in a JSON payload directed to any endpoint would result in a stack overflow, due to recursive calls when parsing the JSON. This has been fixed. (CVE-2026-3608) [bsc#1260380]
- When a hostname or FQDN received from a client is reduced to an empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6 will now drop the option. (CVE-2025-11232) [bsc#1252863]
- A null dereference is no longer possible when configuring the Control Agent with a socket that lacks the mandatory socket-name entry.
- UNIX sockets are now created as group-writable.
- Removed the logging of an error in the ping-check hooks library when lease cache threshold is in use.
- Fixed deadlock in ping-check hooks library.
- Fixed a data race in ping-check hooks library.
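The first changelog entry attributes CVE-2026-3608 to unbounded recursion while parsing nested brackets. As an added example (not code from Kea or from this advisory), here is a non-recursive depth check that a front end could run on a request body before handing it to a JSON parser; the function name `nestingWithinLimit` and the limit of 64 are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical limit chosen for illustration; set it to the deepest
// legitimate document the service is expected to accept.
constexpr std::size_t kMaxDepth = 64;

// Scans the text once, without recursion, and returns false as soon as the
// nesting of [] and {} exceeds max_depth or a close has no matching open.
// Brackets inside string literals are ignored, including after \" escapes.
// This checks nesting only; the real parser must still validate the syntax
// (unclosed brackets, for instance, are left for it to reject).
bool nestingWithinLimit(const std::string& text,
                        std::size_t max_depth = kMaxDepth) {
    std::size_t depth = 0;
    bool in_string = false;
    bool escaped = false;
    for (char c : text) {
        if (in_string) {
            if (escaped) escaped = false;
            else if (c == '\\') escaped = true;
            else if (c == '"') in_string = false;
        } else if (c == '"') {
            in_string = true;
        } else if (c == '[' || c == '{') {
            if (++depth > max_depth) return false;  // reject before parsing
        } else if (c == ']' || c == '}') {
            if (depth == 0) return false;  // unbalanced close
            --depth;
        }
    }
    return true;
}

int main() {
    // Constructed inputs: an ordinary control command and an over-nested body.
    std::string ok = "{\"command\":\"config-get\",\"service\":[\"dhcp4\"]}";
    std::string deep = std::string(100000, '[') + std::string(100000, ']');
    std::cout << "ordinary command accepted: " << nestingWithinLimit(ok) << "\n";
    std::cout << "over-nested body accepted: " << nestingWithinLimit(deep) << "\n";
    return 0;
}
```

Because the scan keeps its state in a counter rather than on the call stack, its memory use does not grow with the nesting depth of the input.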
Patch Instructions:
To install this SUSE update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:
SUSE Linux Enterprise Server - BCI 16.0:
zypper in -t patch SUSE-SLES-16.0-470=1
Package List:
SUSE Linux Enterprise Server - BCI 16.0 (aarch64 ppc64le s390x x86_64):
- libkea-log75-3.0.3-160000.1.1
- libkea-dns71-3.0.3-160000.1.1
- kea-hooks-3.0.3-160000.1.1
- libkea-hooks121-3.0.3-160000.1.1
- libkea-stats53-debuginfo-3.0.3-160000.1.1
- libkea-log-interprocess3-3.0.3-160000.1.1
- libkea-log75-debuginfo-3.0.3-160000.1.1
- libkea-dhcp109-debuginfo-3.0.3-160000.1.1
- kea-debugsource-3.0.3-160000.1.1
- libkea-dhcpsrv131-debuginfo-3.0.3-160000.1.1
- libkea-exceptions45-3.0.3-160000.1.1
- libkea-config84-3.0.3-160000.1.1
- libkea-dhcp_ddns68-3.0.3-160000.1.1
- libkea-process91-debuginfo-3.0.3-160000.1.1
- libkea-database76-3.0.3-160000.1.1
- libkea-eval84-debuginfo-3.0.3-160000.1.1
- libkea-config84-debuginfo-3.0.3-160000.1.1
- libkea-stats53-3.0.3-160000.1.1
- libkea-dhcpsrv131-3.0.3-160000.1.1
- libkea-cc83-debuginfo-3.0.3-160000.1.1
- libkea-d2srv63-3.0.3-160000.1.1
- libkea-database76-debuginfo-3.0.3-160000.1.1
- libkea-cfgrpt3-3.0.3-160000.1.1
- kea-devel-debuginfo-3.0.3-160000.1.1
- libkea-util-io12-3.0.3-160000.1.1
- libkea-tcp33-3.0.3-160000.1.1
- libkea-d2srv63-debuginfo-3.0.3-160000.1.1
- libkea-asiolink88-3.0.3-160000.1.1
- libkea-asiolink88-debuginfo-3.0.3-160000.1.1
- libkea-dns71-debuginfo-3.0.3-160000.1.1
- libkea-hooks121-debuginfo-3.0.3-160000.1.1
- libkea-eval84-3.0.3-160000.1.1
- libkea-pgsql88-3.0.3-160000.1.1
- libkea-asiodns62-3.0.3-160000.1.1
- kea-3.0.3-160000.1.1
- libkea-cryptolink64-debuginfo-3.0.3-160000.1.1
- libkea-http87-3.0.3-160000.1.1
- libkea-cfgrpt3-debuginfo-3.0.3-160000.1.1
- libkea-cc83-3.0.3-160000.1.1
- libkea-dhcp_ddns68-debuginfo-3.0.3-160000.1.1
- libkea-mysql88-3.0.3-160000.1.1
- libkea-pgsql88-debuginfo-3.0.3-160000.1.1
- libkea-log-interprocess3-debuginfo-3.0.3-160000.1.1
- python3-kea-3.0.3-160000.1.1
- libkea-util102-3.0.3-160000.1.1
- libkea-asiodns62-debuginfo-3.0.3-160000.1.1
- libkea-tcp33-debuginfo-3.0.3-160000.1.1
- libkea-http87-debuginfo-3.0.3-160000.1.1
- libkea-exceptions45-debuginfo-3.0.3-160000.1.1
- libkea-process91-3.0.3-160000.1.1
- libkea-util102-debuginfo-3.0.3-160000.1.1
- libkea-dhcp109-3.0.3-160000.1.1
- libkea-cryptolink64-3.0.3-160000.1.1
- kea-hooks-debuginfo-3.0.3-160000.1.1
- kea-debuginfo-3.0.3-160000.1.1
- kea-devel-3.0.3-160000.1.1
- libkea-util-io12-debuginfo-3.0.3-160000.1.1
- libkea-mysql88-debuginfo-3.0.3-160000.1.1
SUSE Linux Enterprise Server - BCI 16.0 (noarch):
- kea-doc-3.0.3-160000.1.1