Security update for kea SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:20341-1 Final 1 1 2026-03-11T08:51:21Z current 2026-03-11T08:51:21Z 2026-03-11T08:51:21Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kea This update for kea fixes the following issues: Update to release 3.0.1: - CVE-2025-40779: Fixed crash upon interaction between specific client options and subnet selection (bsc#1248801). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Leap-16.0-370 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1248801 SUSE Bug 1248801 https://www.suse.com/security/cve/CVE-2025-40779/ SUSE CVE CVE-2025-40779 page openSUSE Leap 16.0 kea-3.0.1-160000.1.1 kea-devel-3.0.1-160000.1.1 kea-doc-3.0.1-160000.1.1 kea-hooks-3.0.1-160000.1.1 libkea-asiodns62-3.0.1-160000.1.1 libkea-asiolink88-3.0.1-160000.1.1 libkea-cc82-3.0.1-160000.1.1 libkea-cfgrpt3-3.0.1-160000.1.1 libkea-config83-3.0.1-160000.1.1 libkea-cryptolink64-3.0.1-160000.1.1 libkea-d2srv63-3.0.1-160000.1.1 libkea-database76-3.0.1-160000.1.1 libkea-dhcp109-3.0.1-160000.1.1 libkea-dhcp_ddns68-3.0.1-160000.1.1 libkea-dhcpsrv130-3.0.1-160000.1.1 libkea-dns71-3.0.1-160000.1.1 libkea-eval84-3.0.1-160000.1.1 libkea-exceptions45-3.0.1-160000.1.1 libkea-hooks119-3.0.1-160000.1.1 libkea-http87-3.0.1-160000.1.1 libkea-log-interprocess3-3.0.1-160000.1.1 libkea-log75-3.0.1-160000.1.1 libkea-mysql88-3.0.1-160000.1.1 libkea-pgsql88-3.0.1-160000.1.1 libkea-process90-3.0.1-160000.1.1 libkea-stats53-3.0.1-160000.1.1 libkea-tcp33-3.0.1-160000.1.1 libkea-util-io12-3.0.1-160000.1.1 libkea-util101-3.0.1-160000.1.1 python3-kea-3.0.1-160000.1.1 kea-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 kea-devel-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 kea-doc-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 kea-hooks-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-asiodns62-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-asiolink88-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-cc82-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-cfgrpt3-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-config83-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-cryptolink64-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-d2srv63-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-database76-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-dhcp109-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-dhcp_ddns68-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-dhcpsrv130-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-dns71-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-eval84-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-exceptions45-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-hooks119-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-http87-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-log-interprocess3-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-log75-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-mysql88-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-pgsql88-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-process90-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-stats53-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-tcp33-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-util-io12-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 libkea-util101-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 python3-kea-3.0.1-160000.1.1 as a component of openSUSE Leap 16.0 If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens only if the client request is unicast directly to Kea; broadcast messages do not cause the problem. This issue affects Kea versions 2.7.1 through 2.7.9, 3.0.0, and 3.1.0. CVE-2025-40779 openSUSE Leap 16.0:kea-3.0.1-160000.1.1 openSUSE Leap 16.0:kea-devel-3.0.1-160000.1.1 openSUSE Leap 16.0:kea-doc-3.0.1-160000.1.1 openSUSE Leap 16.0:kea-hooks-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-asiodns62-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-asiolink88-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-cc82-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-cfgrpt3-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-config83-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-cryptolink64-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-d2srv63-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-database76-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-dhcp109-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-dhcp_ddns68-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-dhcpsrv130-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-dns71-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-eval84-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-exceptions45-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-hooks119-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-http87-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-log-interprocess3-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-log75-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-mysql88-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-pgsql88-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-process90-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-stats53-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-tcp33-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-util-io12-3.0.1-160000.1.1 openSUSE Leap 16.0:libkea-util101-3.0.1-160000.1.1 openSUSE Leap 16.0:python3-kea-3.0.1-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-40779.html CVE-2025-40779 https://bugzilla.suse.com/1248801 SUSE Bug 1248801