Security update for kea SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0907-1 Final 1 1 2026-03-17T16:32:34Z current 2026-03-17T16:32:34Z 2026-03-17T16:32:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kea This update for kea fixes the following issues: Update to release 2.6.3 (bsc#1243240): - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Insecure file permissions can result in confidential information leakage. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-907,SUSE-SLE-Module-Basesystem-15-SP7-2026-907,SUSE-SLE-Module-Server-Applications-15-SP7-2026-907 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260907-1/ Link for SUSE-SU-2026:0907-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024700.html E-Mail link for SUSE-SU-2026:0907-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243240 SUSE Bug 1243240 https://www.suse.com/security/cve/CVE-2025-32801/ SUSE CVE CVE-2025-32801 page https://www.suse.com/security/cve/CVE-2025-32802/ SUSE CVE CVE-2025-32802 page https://www.suse.com/security/cve/CVE-2025-32803/ SUSE CVE CVE-2025-32803 page SUSE Linux Enterprise Module for Basesystem 15 SP7 SUSE Linux Enterprise Module for Server Applications 15 SP7 kea-2.6.3-150700.3.3.5 kea-devel-2.6.3-150700.3.3.5 kea-doc-2.6.3-150700.3.3.5 kea-hooks-2.6.3-150700.3.3.5 libkea-asiodns49-2.6.3-150700.3.3.5 libkea-asiolink72-2.6.3-150700.3.3.5 libkea-cc68-2.6.3-150700.3.3.5 libkea-cfgclient66-2.6.3-150700.3.3.5 libkea-cryptolink50-2.6.3-150700.3.3.5 libkea-d2srv47-2.6.3-150700.3.3.5 libkea-database62-2.6.3-150700.3.3.5 libkea-dhcp++92-2.6.3-150700.3.3.5 libkea-dhcp_ddns57-2.6.3-150700.3.3.5 libkea-dhcpsrv111-2.6.3-150700.3.3.5 libkea-dns++57-2.6.3-150700.3.3.5 libkea-eval69-2.6.3-150700.3.3.5 libkea-exceptions33-2.6.3-150700.3.3.5 libkea-hooks100-2.6.3-150700.3.3.5 libkea-http72-2.6.3-150700.3.3.5 libkea-log61-2.6.3-150700.3.3.5 libkea-mysql71-2.6.3-150700.3.3.5 libkea-pgsql71-2.6.3-150700.3.3.5 libkea-process74-2.6.3-150700.3.3.5 libkea-stats41-2.6.3-150700.3.3.5 libkea-tcp19-2.6.3-150700.3.3.5 libkea-util-io0-2.6.3-150700.3.3.5 libkea-util86-2.6.3-150700.3.3.5 python3-kea-2.6.3-150700.3.3.5 python3-kea-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP7 kea-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 kea-devel-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 kea-doc-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 kea-hooks-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-asiodns49-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-asiolink72-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-cc68-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-cfgclient66-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-cryptolink50-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-d2srv47-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-database62-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-dhcp++92-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-dhcp_ddns57-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-dhcpsrv111-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-dns++57-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-eval69-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-exceptions33-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-hooks100-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-http72-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-log61-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-mysql71-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-pgsql71-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-process74-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-stats41-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-tcp19-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-util-io0-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 libkea-util86-2.6.3-150700.3.3.5 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. CVE-2025-32801 SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-kea-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-devel-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-doc-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-hooks-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-asiodns49-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-asiolink72-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cc68-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cfgclient66-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cryptolink50-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-d2srv47-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-database62-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcp++92-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcp_ddns57-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcpsrv111-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dns++57-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-eval69-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-exceptions33-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-hooks100-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-http72-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-log61-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-mysql71-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-pgsql71-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-process74-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-stats41-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-tcp19-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-util-io0-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-util86-2.6.3-150700.3.3.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260907-1/ https://www.suse.com/security/cve/CVE-2025-32801.html CVE-2025-32801 https://bugzilla.suse.com/1243240 SUSE Bug 1243240 Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured by default, and/or place the control sockets in insecure paths. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. CVE-2025-32802 SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-kea-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-devel-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-doc-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-hooks-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-asiodns49-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-asiolink72-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cc68-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cfgclient66-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cryptolink50-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-d2srv47-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-database62-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcp++92-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcp_ddns57-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcpsrv111-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dns++57-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-eval69-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-exceptions33-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-hooks100-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-http72-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-log61-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-mysql71-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-pgsql71-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-process74-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-stats41-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-tcp19-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-util-io0-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-util86-2.6.3-150700.3.3.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260907-1/ https://www.suse.com/security/cve/CVE-2025-32802.html CVE-2025-32802 https://bugzilla.suse.com/1243240 SUSE Bug 1243240 In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. CVE-2025-32803 SUSE Linux Enterprise Module for Basesystem 15 SP7:python3-kea-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-devel-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-doc-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:kea-hooks-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-asiodns49-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-asiolink72-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cc68-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cfgclient66-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-cryptolink50-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-d2srv47-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-database62-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcp++92-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcp_ddns57-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dhcpsrv111-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-dns++57-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-eval69-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-exceptions33-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-hooks100-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-http72-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-log61-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-mysql71-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-pgsql71-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-process74-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-stats41-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-tcp19-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-util-io0-2.6.3-150700.3.3.5 SUSE Linux Enterprise Module for Server Applications 15 SP7:libkea-util86-2.6.3-150700.3.3.5 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260907-1/ https://www.suse.com/security/cve/CVE-2025-32803.html CVE-2025-32803 https://bugzilla.suse.com/1243240 SUSE Bug 1243240