==========================================================================
Ubuntu Security Notice USN-8403-1
June 08, 2026

isc-kea vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS

Summary:

Kea DHCP could be made to crash if it received specially crafted messages.

Software Description:
- isc-kea: Standards-based DHCP server

Details:

Ali Norouzi discovered that Kea DHCP did not properly handle maliciously
crafted messages over configured API sockets and HA listeners. A remote
attacker could possibly use this issue to cause Kea DHCP to crash,
resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  kea-admin                       2.6.3-2ubuntu0.1
  kea-common                      2.6.3-2ubuntu0.1
  kea-dhcp-ddns-server            2.6.3-2ubuntu0.1
  kea-dhcp4-server                2.6.3-2ubuntu0.1
  kea-dhcp6-server                2.6.3-2ubuntu0.1

Ubuntu 24.04 LTS
  kea-admin                       2.4.1-3ubuntu0.2
  kea-common                      2.4.1-3ubuntu0.2
  kea-dhcp-ddns-server            2.4.1-3ubuntu0.2
  kea-dhcp4-server                2.4.1-3ubuntu0.2
  kea-dhcp6-server                2.4.1-3ubuntu0.2

After a standard system update you may need to restart Kea DHCP server
instances to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8403-1
  CVE-2026-3608

Package Information:
  https://launchpad.net/ubuntu/+source/isc-kea/2.6.3-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/isc-kea/2.4.1-3ubuntu0.2

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to