RHEL 10 : kea (RHSA-2026:11344)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11344 advisory. DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers...

SUSE SLES15 Security Update : kea (SUSE-SU-2026:1548-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1548-1 advisory. Update to release 2.6.5. Security issues fixed: - CVE-2026-3608: stack overflow error via specially crafted message to the kea-ctrl-agent,...

SUSE-SU-2026:1548-1 Security update for kea

This update for kea fixes the following issues: Update to release 2.6.5. Security issues fixed: - CVE-2026-3608: stack overflow error via specially crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemonsbsc1260380. Other updates and bugfixes: - A null dereference is...

Oracle Linux 10 : kea (ELSA-2026-7342)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-7342 advisory. 3.0.1-3 - Fixes CVE-2026-3608 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

AlmaLinux 10 : kea (ALSA-2026:7342)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:7342 advisory. Kea: Kea: Denial of Service via maliciously crafted message CVE-2026-3608 Tenable has extracted the preceding description block directly from the AlmaLinux securi...

SUSE: Security Advisory (SUSE-SU-2026:20989-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

kea security update

3.0.1-3 - Fixes CVE-2026-3608...

Important: Red Hat Security Advisory: kea security update

An update for kea is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

RHEL 10 : kea (RHSA-2026:7342)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:7342 advisory. DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers...

ALSA-2026:7342 Important: kea security update

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

OPENSUSE-SU-2026:20452-1 Security update for kea

This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...

SUSE-SU-2026:20989-1 Security update for kea

This update for kea fixes the following issues: Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message bsc1260380. Changelog: A large number of bracket pairs in a JSON payload directed to any endpoint would...

Fedora 45 : kea (2026-11e168602c)

The remote Fedora 45 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-11e168602c advisory. Automatic update for kea-3.0.3-1.fc45. Changelog Thu Mar 26 2026 Martin Osvald - 3.0.3-1 - New version 3.0.3 rhbz2451141 - Fixes CVE-2026-3608 rhbz2451621...

CVE-2026-3608 Stack overflow in Kea daemons

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...