Kea users:
Internet Systems Consortium is pleased to announce the release of Kea 2.4.2,
2.6.3 and 2.7.9. Please note that all three of these releases contain fixes
addressing multiple security issues detailed in three CVEs published today.
CVE-2025-32801: Loading a malicious hook library can lead to local privilege
escalation https://kb.isc.org/docs/cve-2025-32801
CVE-2025-32802: Insecure handling of file paths allows multiple local attacks
https://kb.isc.org/docs/cve-2025-32802
CVE-2025-32803: Insecure file permissions can result in confidential
information leakage https://kb.isc.org/docs/cve-2025-32803
Kea 2.4.2 is expected to be our last release on that old stable branch, which
we will be retiring with the release of Kea 3.0, expected in June.
Kea 2.6.3 is our current stable version.
Release notes for these two versions are available at:
Kea 2.4.2 https://downloads.isc.org/isc/kea/2.4.2/Kea-2.4.2-ReleaseNotes.txt
Kea 2.6.3 https://downloads.isc.org/isc/kea/2.6.3/Kea-2.6.3-ReleaseNotes.txt
Releases in the Kea 2.7.x sequence are part of the Kea development branch,
where new features are provided for testing and evaluation before the branch is
designated stable and recommended for production use.
Release notes for the development version are available at:
https://downloads.isc.org/isc/kea/2.7.9/Kea-2.7.9-ReleaseNotes.txt
Source tarballs and packages are available from our Cloudsmith repositories at
https://cloudsmith.io/~isc/repos/kea-2-4/groups/ and
https://cloudsmith.io/~isc/repos/kea-2-6/groups/ for the stable versions and
https://cloudsmith.io/~isc/repos/kea-dev/packages/ for the development version.
All releases are also available from the ISC download page at
https://www.isc.org/download/#Kea.
Thank you for using ISC’s software!
--
kea-announce mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/kea-announce
