Fedora 41 patches critical Kea DHCP vulnerabilities (CVE-2025-32801/2/3) with v2.6.3. Fixes include secure API auth, file permission hardening, and local attack prevention. Learn how to update and secure your network infrastructure.
Key Security Risks and Fixes in Kea DHCP 2.6.3
The latest Fedora 41 update addresses three critical vulnerabilities in Kea DHCP, the advanced open-source DHCP server from Internet Systems Consortium (ISC). These flaws could allow local privilege escalation, information leaks, and path traversal attacks.
🔒 Fixed CVEs & Security Enhancements
CVE-2025-32801: Malicious hook library loading could lead to privilege escalation.
CVE-2025-32802: Insecure file path handling enabled local attacks.
CVE-2025-32803: Weak file permissions risked confidential data exposure.
🛠️ Key Changes in Kea 2.6.3
✔ Removed /tmp/ from socket paths (prevents hijacking)
✔ Auto-generated secure passwords for fresh installations
✔ Stricter directory permissions to block unauthorized access
✔ Fixed lease ownership issues when switching from root to the kea user
Why This Update Matters for SysAdmins & Enterprises
Kea DHCP is a mission-critical component for enterprise networks, cloud deployments, and data centers. The latest patches ensure:
✅ Secure REST API access (via an auto-configured password file)
✅ Reduced attack surface (removing /tmp/ dependencies)
✅ Compliance-friendly hardening (least-privilege enforcement)
🚀 Update Instructions
Run:
sudo dnf upgrade --advisory FEDORA-2025-b870671130
For detailed release notes, visit:
🔗 ISC Kea 2.6.3 Release Notes
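As an added example (not code from Fedora, ISC or the original post), a POSIX shell audit that checks the three changes above after the upgrade: the installed package version, control-socket paths still under /tmp, and group- or world-writable permissions on /etc/kea. The file names under /etc/kea are Kea's standard config files; the sample config fragment at the bottom is constructed.

```shell
#!/bin/sh
# Post-upgrade audit for the Kea 2.6.3 hardening listed above. Added example,
# not ISC or Fedora tooling; assumes Fedora's "kea" RPM and Kea's standard
# config files under /etc/kea. The sample config at the bottom is constructed.

# True when version string $1 (e.g. "2.6.3-1.fc41") is at least 2.6.3. awk takes
# the leading digits of each dot-separated field, so the suffix "3-1" reads as 3.
kea_version_fixed() {
    printf '%s\n' "$1" | awk -F. '{ v = $1 * 1000000 + $2 * 1000 + $3; exit (v < 2006003) }'
}

# Read a Kea config on stdin and print every control-socket path still under
# /tmp (key and value assumed on one line). Returns 1 if any, 0 if clean.
tmp_socket_paths() {
    hits=$(grep '"socket-name"' | grep -o '"/tmp/[^"]*"' | tr -d '"')
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# True when directory $1 is neither group- nor world-writable, which is what
# the stricter directory permissions in 2.6.3 are meant to guarantee.
dir_not_shared_writable() {
    [ -d "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c6,9)" in *w*) return 1 ;; esac
}

# Live audit of this host; only runs with --live so the checks stay usable offline.
audit_live() {
    ver=$(rpm -q --queryformat '%{VERSION}' kea)
    kea_version_fixed "$ver" || echo "kea $ver predates the 2.6.3 fix"
    for f in /etc/kea/kea-dhcp4.conf /etc/kea/kea-dhcp6.conf /etc/kea/kea-ctrl-agent.conf; do
        [ -f "$f" ] || continue
        tmp_socket_paths < "$f" || echo "$f: control socket still under /tmp"
    done
    dir_not_shared_writable /etc/kea || echo "/etc/kea is group- or world-writable"
}

# Constructed pre-2.6.3-style fragment for the offline demonstration.
SAMPLE_CONF='{ "Dhcp4": { "control-socket": {
    "socket-type": "unix", "socket-name": "/tmp/kea4-ctrl-socket" } } }'

if [ "${1:-}" = "--live" ]; then audit_live
else printf '%s\n' "$SAMPLE_CONF" | tmp_socket_paths || echo "sample config still uses a /tmp socket"
fi
```

Run it without arguments to see the checks flag the constructed sample; run with `--live` on a Fedora host to audit the real installation.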
