[Security Advisory] ALSA-2025:9178: kea security update (Important)

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Important Release date: 2025-07-02 Summary: DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Loading a malicious hook library can lead to local privilege escalation (CVE-2025-32801) * kea: Insecure handling of file paths allows multiple local attacks (CVE-2025-32802) * kea: Insecure file permissions can result in confidential information leakage (CVE-2025-32803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-9178.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team
participants (1)
-
AlmaLinux Errata Notifications