kea: Invalid characters cause assert

A flaw was found in Kea. A remote attacker can send specific option content to the kea-dhcp4 server. When the server is configured with specific parameters, an assertion failure can be triggered and cause the kea-dhcp4 process to exit unexpectedly, resulting in a denial of service...

[SECURITY] Fedora 43 Update: kea-3.0.2-1.fc43

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers suppor...

Fedora 42 : kea (2025-92b4ae7199)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-92b4ae7199 advisory. - New version 3.0.1 rhbz2391289 - Fixes CVE-2025-40779 rhbz2391373 Tenable has extracted the preceding description block directly from the Fedora security...

PT-2025-23106

Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description In some cases, Kea log files or lease files may be world-readable. Recommendations For Kea versions 2.4.0 through 2.4.1, update to a...

PT-2025-23104

Name of the Vulnerable Software and Affected Versions Kea versions 2.4.0 through 2.4.1 Kea versions 2.6.0 through 2.6.2 Kea versions 2.7.0 through 2.7.8 Description Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave...