Opened 8 months ago

Closed 8 months ago

#21652 closed enhancement (fixed)

kea-2.6.3

Reported by: Bruce Dubbs
Owned by: thomas
Priority: high
Milestone: 12.4
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 8 months ago

Owner: changed from blfs-book to thomas
Priority: normal → high

Fixes three security issues. I brought this up to Thomas in IRC and he said he'd take a look into it!

CVEs fixed are:

Extensive details including exploitation details and proof of concept exploits are now public at https://seclists.org/oss-sec/2025/q2/177 as of a few minutes ago

comment:2 by thomas, 8 months ago

Status: new → assigned

The boost patch seems to be no longer needed. Nice.

comment:3 by thomas, 8 months ago

In [58a6718058] we upgraded to 2.6.3 and changed the sample configuration files so that the data files (here: lease files) as well as the logs are stored in separate dirs.

The instructions have been expanded by two commands to make those dirs not world-readable. CVE-2025-32803 has defined this as a security flaw. Now, those data are stored in dirs with permission 0750 - no access to the files if not 'root' or in group 'root'. AFAICS, the other CVEs are fixed by the package upgrade.
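The directory hardening described in the comment above, as an added example that is not part of the ticket, the BLFS book or the Kea project: a small POSIX shell script that creates the lease and log directories with mode 0750 owned by root:root and then verifies that no "other" permission bits are set. The directory paths (/var/lib/kea and /var/log/kea) are assumptions; the ticket does not name the real ones, and the BLFS book may use different locations.

```shell
#!/bin/sh
# Added example, not from the BLFS book or the Kea project. Creates the Kea
# data (lease) and log directories with 0750 root:root, as CVE-2025-32803
# requires, and verifies the result. Paths below are assumptions.

KEA_DATA_DIR="${KEA_DATA_DIR:-/var/lib/kea}"   # assumed lease-file directory
KEA_LOG_DIR="${KEA_LOG_DIR:-/var/log/kea}"     # assumed log directory

# Create a directory with mode 0750 regardless of the current umask.
# When run as root the directory is also chowned to root:root; when run
# as an ordinary user the chown is skipped so the function still works.
make_private_dir() {
    dir=$1
    install -d -m 0750 "$dir" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$dir" || return 1
    fi
}

# Return 0 if the directory grants no read/write/execute bits to "other",
# i.e. the last octal digit of its mode is 0 (0750, 2750, 0700, ...).
check_not_world_accessible() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, e.g. "750"
    case "$mode" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Apply to the real directories only when explicitly asked, so the
# functions can be sourced or tested without touching /var.
if [ "${1:-}" = "--apply" ]; then
    for d in "$KEA_DATA_DIR" "$KEA_LOG_DIR"; do
        make_private_dir "$d"
        if check_not_world_accessible "$d"; then
            echo "ok: $d is not world-accessible"
        else
            echo "FAIL: $d is still world-accessible" >&2
            exit 1
        fi
    done
fi
```

Run it as root with `--apply` after installing Kea. If the kea daemons are later switched to run as a non-root user, that user must be placed in the directories' group (or the group changed) for them to keep writing leases and logs; the script above assumes the daemons run as root, as the comment's "root or group root" wording implies.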

comment:4 by thomas, 8 months ago

Resolution: fixed
Status: assigned → closed

SA-040 added.
