kea-2.6.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16243 Final 1 1 2025-05-30T00:00:00Z current 2025-05-30T00:00:00Z 2025-05-30T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kea-2.6.3-1.1 on GA media These are all security issues fixed in the kea-2.6.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16243 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-32801/ SUSE CVE CVE-2025-32801 page https://www.suse.com/security/cve/CVE-2025-32802/ SUSE CVE CVE-2025-32802 page https://www.suse.com/security/cve/CVE-2025-32803/ SUSE CVE CVE-2025-32803 page openSUSE Tumbleweed kea-2.6.3-1.1 kea-devel-2.6.3-1.1 kea-doc-2.6.3-1.1 kea-hooks-2.6.3-1.1 libkea-asiodns49-2.6.3-1.1 libkea-asiolink72-2.6.3-1.1 libkea-cc68-2.6.3-1.1 libkea-cfgclient66-2.6.3-1.1 libkea-cryptolink50-2.6.3-1.1 libkea-d2srv47-2.6.3-1.1 libkea-database62-2.6.3-1.1 libkea-dhcp++92-2.6.3-1.1 libkea-dhcp_ddns57-2.6.3-1.1 libkea-dhcpsrv111-2.6.3-1.1 libkea-dns++57-2.6.3-1.1 libkea-eval69-2.6.3-1.1 libkea-exceptions33-2.6.3-1.1 libkea-hooks100-2.6.3-1.1 libkea-http72-2.6.3-1.1 libkea-log61-2.6.3-1.1 libkea-mysql71-2.6.3-1.1 libkea-pgsql71-2.6.3-1.1 libkea-process74-2.6.3-1.1 libkea-stats41-2.6.3-1.1 libkea-tcp19-2.6.3-1.1 libkea-util-io0-2.6.3-1.1 libkea-util86-2.6.3-1.1 python3-kea-2.6.3-1.1 kea-2.6.3-1.1 as a component of openSUSE Tumbleweed kea-devel-2.6.3-1.1 as a component of openSUSE Tumbleweed kea-doc-2.6.3-1.1 as a component of openSUSE Tumbleweed kea-hooks-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-asiodns49-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-asiolink72-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-cc68-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-cfgclient66-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-cryptolink50-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-d2srv47-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-database62-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-dhcp++92-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-dhcp_ddns57-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-dhcpsrv111-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-dns++57-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-eval69-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-exceptions33-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-hooks100-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-http72-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-log61-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-mysql71-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-pgsql71-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-process74-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-stats41-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-tcp19-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-util-io0-2.6.3-1.1 as a component of openSUSE Tumbleweed libkea-util86-2.6.3-1.1 as a component of openSUSE Tumbleweed python3-kea-2.6.3-1.1 as a component of openSUSE Tumbleweed Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. CVE-2025-32801 openSUSE Tumbleweed:kea-2.6.3-1.1 openSUSE Tumbleweed:kea-devel-2.6.3-1.1 openSUSE Tumbleweed:kea-doc-2.6.3-1.1 openSUSE Tumbleweed:kea-hooks-2.6.3-1.1 openSUSE Tumbleweed:libkea-asiodns49-2.6.3-1.1 openSUSE Tumbleweed:libkea-asiolink72-2.6.3-1.1 openSUSE Tumbleweed:libkea-cc68-2.6.3-1.1 openSUSE Tumbleweed:libkea-cfgclient66-2.6.3-1.1 openSUSE Tumbleweed:libkea-cryptolink50-2.6.3-1.1 openSUSE Tumbleweed:libkea-d2srv47-2.6.3-1.1 openSUSE Tumbleweed:libkea-database62-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcp++92-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcp_ddns57-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcpsrv111-2.6.3-1.1 openSUSE Tumbleweed:libkea-dns++57-2.6.3-1.1 openSUSE Tumbleweed:libkea-eval69-2.6.3-1.1 openSUSE Tumbleweed:libkea-exceptions33-2.6.3-1.1 openSUSE Tumbleweed:libkea-hooks100-2.6.3-1.1 openSUSE Tumbleweed:libkea-http72-2.6.3-1.1 openSUSE Tumbleweed:libkea-log61-2.6.3-1.1 openSUSE Tumbleweed:libkea-mysql71-2.6.3-1.1 openSUSE Tumbleweed:libkea-pgsql71-2.6.3-1.1 openSUSE Tumbleweed:libkea-process74-2.6.3-1.1 openSUSE Tumbleweed:libkea-stats41-2.6.3-1.1 openSUSE Tumbleweed:libkea-tcp19-2.6.3-1.1 openSUSE Tumbleweed:libkea-util-io0-2.6.3-1.1 openSUSE Tumbleweed:libkea-util86-2.6.3-1.1 openSUSE Tumbleweed:python3-kea-2.6.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32801.html CVE-2025-32801 https://bugzilla.suse.com/1243240 SUSE Bug 1243240 Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. CVE-2025-32802 openSUSE Tumbleweed:kea-2.6.3-1.1 openSUSE Tumbleweed:kea-devel-2.6.3-1.1 openSUSE Tumbleweed:kea-doc-2.6.3-1.1 openSUSE Tumbleweed:kea-hooks-2.6.3-1.1 openSUSE Tumbleweed:libkea-asiodns49-2.6.3-1.1 openSUSE Tumbleweed:libkea-asiolink72-2.6.3-1.1 openSUSE Tumbleweed:libkea-cc68-2.6.3-1.1 openSUSE Tumbleweed:libkea-cfgclient66-2.6.3-1.1 openSUSE Tumbleweed:libkea-cryptolink50-2.6.3-1.1 openSUSE Tumbleweed:libkea-d2srv47-2.6.3-1.1 openSUSE Tumbleweed:libkea-database62-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcp++92-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcp_ddns57-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcpsrv111-2.6.3-1.1 openSUSE Tumbleweed:libkea-dns++57-2.6.3-1.1 openSUSE Tumbleweed:libkea-eval69-2.6.3-1.1 openSUSE Tumbleweed:libkea-exceptions33-2.6.3-1.1 openSUSE Tumbleweed:libkea-hooks100-2.6.3-1.1 openSUSE Tumbleweed:libkea-http72-2.6.3-1.1 openSUSE Tumbleweed:libkea-log61-2.6.3-1.1 openSUSE Tumbleweed:libkea-mysql71-2.6.3-1.1 openSUSE Tumbleweed:libkea-pgsql71-2.6.3-1.1 openSUSE Tumbleweed:libkea-process74-2.6.3-1.1 openSUSE Tumbleweed:libkea-stats41-2.6.3-1.1 openSUSE Tumbleweed:libkea-tcp19-2.6.3-1.1 openSUSE Tumbleweed:libkea-util-io0-2.6.3-1.1 openSUSE Tumbleweed:libkea-util86-2.6.3-1.1 openSUSE Tumbleweed:python3-kea-2.6.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32802.html CVE-2025-32802 https://bugzilla.suse.com/1243240 SUSE Bug 1243240 In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. CVE-2025-32803 openSUSE Tumbleweed:kea-2.6.3-1.1 openSUSE Tumbleweed:kea-devel-2.6.3-1.1 openSUSE Tumbleweed:kea-doc-2.6.3-1.1 openSUSE Tumbleweed:kea-hooks-2.6.3-1.1 openSUSE Tumbleweed:libkea-asiodns49-2.6.3-1.1 openSUSE Tumbleweed:libkea-asiolink72-2.6.3-1.1 openSUSE Tumbleweed:libkea-cc68-2.6.3-1.1 openSUSE Tumbleweed:libkea-cfgclient66-2.6.3-1.1 openSUSE Tumbleweed:libkea-cryptolink50-2.6.3-1.1 openSUSE Tumbleweed:libkea-d2srv47-2.6.3-1.1 openSUSE Tumbleweed:libkea-database62-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcp++92-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcp_ddns57-2.6.3-1.1 openSUSE Tumbleweed:libkea-dhcpsrv111-2.6.3-1.1 openSUSE Tumbleweed:libkea-dns++57-2.6.3-1.1 openSUSE Tumbleweed:libkea-eval69-2.6.3-1.1 openSUSE Tumbleweed:libkea-exceptions33-2.6.3-1.1 openSUSE Tumbleweed:libkea-hooks100-2.6.3-1.1 openSUSE Tumbleweed:libkea-http72-2.6.3-1.1 openSUSE Tumbleweed:libkea-log61-2.6.3-1.1 openSUSE Tumbleweed:libkea-mysql71-2.6.3-1.1 openSUSE Tumbleweed:libkea-pgsql71-2.6.3-1.1 openSUSE Tumbleweed:libkea-process74-2.6.3-1.1 openSUSE Tumbleweed:libkea-stats41-2.6.3-1.1 openSUSE Tumbleweed:libkea-tcp19-2.6.3-1.1 openSUSE Tumbleweed:libkea-util-io0-2.6.3-1.1 openSUSE Tumbleweed:libkea-util86-2.6.3-1.1 openSUSE Tumbleweed:python3-kea-2.6.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-32803.html CVE-2025-32803 https://bugzilla.suse.com/1243240 SUSE Bug 1243240