{"affected":[{"ecosystem_specific":{"binaries":[{"python3-kea":"2.6.3-150700.3.3.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP7","name":"kea","purl":"pkg:rpm/suse/kea&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.3-150700.3.3.5"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kea":"2.6.3-150700.3.3.5","kea-devel":"2.6.3-150700.3.3.5","kea-doc":"2.6.3-150700.3.3.5","kea-hooks":"2.6.3-150700.3.3.5","libkea-asiodns49":"2.6.3-150700.3.3.5","libkea-asiolink72":"2.6.3-150700.3.3.5","libkea-cc68":"2.6.3-150700.3.3.5","libkea-cfgclient66":"2.6.3-150700.3.3.5","libkea-cryptolink50":"2.6.3-150700.3.3.5","libkea-d2srv47":"2.6.3-150700.3.3.5","libkea-database62":"2.6.3-150700.3.3.5","libkea-dhcp++92":"2.6.3-150700.3.3.5","libkea-dhcp_ddns57":"2.6.3-150700.3.3.5","libkea-dhcpsrv111":"2.6.3-150700.3.3.5","libkea-dns++57":"2.6.3-150700.3.3.5","libkea-eval69":"2.6.3-150700.3.3.5","libkea-exceptions33":"2.6.3-150700.3.3.5","libkea-hooks100":"2.6.3-150700.3.3.5","libkea-http72":"2.6.3-150700.3.3.5","libkea-log61":"2.6.3-150700.3.3.5","libkea-mysql71":"2.6.3-150700.3.3.5","libkea-pgsql71":"2.6.3-150700.3.3.5","libkea-process74":"2.6.3-150700.3.3.5","libkea-stats41":"2.6.3-150700.3.3.5","libkea-tcp19":"2.6.3-150700.3.3.5","libkea-util-io0":"2.6.3-150700.3.3.5","libkea-util86":"2.6.3-150700.3.3.5"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Server Applications 15 SP7","name":"kea","purl":"pkg:rpm/suse/kea&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.6.3-150700.3.3.5"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for kea fixes the following issues:\n\nUpdate to release 2.6.3 (bsc#1243240):\n\n- CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation.\n- CVE-2025-32802: Insecure handling of file paths allows multiple local attacks.\n- CVE-2025-32803: Insecure file permissions can result in confidential information leakage.\n","id":"SUSE-SU-2026:0907-1","modified":"2026-03-17T16:32:34Z","published":"2026-03-17T16:32:34Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-20260907-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243240"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-32801"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-32802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-32803"}],"related":["CVE-2025-32801","CVE-2025-32802","CVE-2025-32803"],"summary":"Security update for kea","upstream":["CVE-2025-32801","CVE-2025-32802","CVE-2025-32803"]}