openSUSE Leap 16.0 kea Important Fix Stack Overflow 2026-20452-1

opensuse
April 2, 2026
Two important security issues identified in openSUSE's kea have been addressed with updates to enhance system integrity and performance.
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for kea fixes the following issues:

Update to 3.0.3:

- CVE-2025-11232: invalid characters cause assert (bsc#1252863).

- CVE-2026-3608: stack overflow via maliciously crafted message (bsc#1260380).

Changelog:

* A large number of bracket pairs in a JSON payload directed to
  any endpoint would result in a stack overflow, due to recursive
  calls when parsing the JSON. This has been fixed.
  (CVE-2026-3608)
  [bsc#1260380]

* When a hostname or FQDN received from a client is reduced to an
  empty string by hostname sanitizing, kea-dhcp4 and kea-dhcp6
  will now drop the option.
  (CVE-2025-11232)
  [bsc#1252863]

* A null dereference is no longer possible when configuring
  the Control Agent with a socket that lacks the mandatory
  socket-name entry.

* UNIX sockets are now created as group-writable.

* Removed the logging of an error in the ping-check hooks library
  when a lease cache threshold is in use.

* Fixed deadlock in ping-check hooks library.

* Fixed a data race in ping-check hooks...
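
The CVE-2026-3608 entry above ties the stack overflow to recursion driven by nested brackets. As an added example (not Kea's code, and not the upstream fix, which this advisory does not describe), a non-recursive pre-scan can reject over-nested payloads before a recursive parser sees them; the function name and the limit of 100 are assumptions.

```cpp
#include <cstddef>
#include <string>

// Hypothetical limit chosen for this example; not a value taken from Kea.
constexpr std::size_t kMaxJsonDepth = 100;

// Scans the raw payload once, without recursion, and reports whether the
// nesting of [] and {} ever goes deeper than max_depth. Brackets inside
// string literals are ignored, including those that follow escaped quotes.
bool exceeds_nesting_depth(const std::string& payload,
                           std::size_t max_depth = kMaxJsonDepth) {
    std::size_t depth = 0;
    bool in_string = false;
    bool escaped = false;
    for (char c : payload) {
        if (in_string) {
            if (escaped) {
                escaped = false;      // character after a backslash is literal
            } else if (c == '\\') {
                escaped = true;
            } else if (c == '"') {
                in_string = false;
            }
            continue;
        }
        switch (c) {
            case '"':
                in_string = true;
                break;
            case '[':
            case '{':
                if (++depth > max_depth) {
                    return true;      // reject before any recursive parser runs
                }
                break;
            case ']':
            case '}':
                if (depth > 0) {
                    --depth;          // stray closers are left for the parser to report
                }
                break;
            default:
                break;
        }
    }
    return false;
}
```

The scan runs in constant stack space, so its own cost does not grow with nesting depth; syntax validation still belongs to the real parser.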

Package List

- openSUSE Leap 16.0:

kea-3.0.3-160000.1.1

kea-devel-3.0.3-160000.1.1

kea-doc-3.0.3-160000.1.1

kea-hooks-3.0.3-160000.1.1

libkea-asiodns62-3.0.3-160000.1.1

libkea-asiolink88-3.0.3-160000.1.1

libkea-cc83-3.0.3-160000.1.1

libkea-cfgrpt3-3.0.3-160000.1.1

libkea-config84-3.0.3-160000.1.1

libkea-cryptolink64-3.0.3-160000.1.1

libkea-d2srv63-3.0.3-160000.1.1

libkea-database76-3.0.3-160000.1.1

libkea-dhcp109-3.0.3-160000.1.1

libkea-dhcp_ddns68-3.0.3-160000.1.1

libkea-dhcpsrv131-3.0.3-160000.1.1

libkea-dns71-3.0.3-160000.1.1

libkea-eval84-3.0.3-160000.1.1

libkea-exceptions45-3.0.3-160000.1.1

libkea-hooks121-3.0.3-160000.1.1

libkea-http87-3.0.3-160000.1.1

libkea-log-interprocess3-3.0.3-160000.1.1

libkea-log75-3.0.3-160000.1.1

libkea-mysql88-3.0.3-160000.1.1

libkea-pgsql88-3.0.3-160000.1.1

libkea-process91-3.0.3-160000.1.1

libkea-stats53-3.0.3-160000.1.1

libkea-tcp33-3.0.3-160000.1.1

libkea-util-io12-3.0.3-160000.1.1

libkea-util102-3.0.3-160000.1.1

python3-kea-3.0.3-160000.1.1

References

* bsc#1252863

* bsc#1260380

* https://www.suse.com/security/cve/CVE-2025-11232.html

* https://www.suse.com/security/cve/CVE-2026-3608.html

Severity
important

Announcement ID: openSUSE-SU-2026:20452-1
Rating: important
Affected Products: openSUSE Leap 16.0
