stable

kea-2.6.3-1.el9

FEDORA-EPEL-2025-a36cdc1182 created by mosvald 6 months ago for Fedora EPEL 9
  • New version 2.6.3 (#2368989)
  • Fix for: CVE-2025-32801, CVE-2025-32802, CVE-2025-32803
  • kea.conf: Remove /tmp/ from socket-name for existing configurations
  • kea.conf: Set pseudo-random password for default config to secure fresh install and allow CA startup without user intervention
  • kea.conf: Restrict directory permissions
  • Sync service files with upstream
  • Fix leases ownership when switching from root to kea user (#2324168)

Release Notes:

The new default configuration file, kea-ctrl-agent.conf, introduces an authentication setting, "password-file", which restricts access to the REST API. On Fedora, the kea-api-password file is automatically populated with a pseudo-random password to secure new installations.

For system upgrades, it is strongly recommended to update any custom configurations to restrict access to the REST API.

For more details, including information on CVE fixes and incompatible changes, refer to the upstream release notes:

https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt

This update has been submitted for testing by mosvald.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update has been pushed to testing.

6 months ago

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please log in to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
6 months ago
in testing
6 months ago
in stable
6 months ago
approved
6 months ago
Builds
1
kea-2.6.3-1.el9
BZ#2324168 System update from F40 to F41: kea-dhcp unusable
0
0
BZ#2368989 kea-2.6.3 is available
0
0
BZ#2369335 CVE-2025-32803 kea: Insecure file permissions can result in confidential information leakage [epel-all]
0
0
BZ#2369381 CVE-2025-32801 kea: Loading a malicious hook library can lead to local privilege escalation [epel-all]
0
0
BZ#2370277 CVE-2025-32802 kea: Insecure handling of file paths allows multiple local attacks [epel-all]
0
0
kea-2.6.3-1.el9

Automated Test Results

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 25.11.2 on bodhi-web-12-knmhk.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

Composes Legal Privacy policy