[USN-8403-1] Kea DHCP vulnerability
Posted on 08 June 2026
==========================================================================
Ubuntu Security Notice USN-8403-1
June 08, 2026
isc-kea vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
Summary:
Kea DHCP could be made to crash if it received specially crafted messages.
Software Description:
- isc-kea: Standards-based DHCP server
Details:
Ali Norouzi discovered that Kea DHCP did not properly handle maliciously
crafted messages over configured API sockets and HA listeners. A remote
attacker could possibly use this issue to cause Kea DHCP to crash,
resulting in a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
  kea-admin                2.6.3-2ubuntu0.1
  kea-common               2.6.3-2ubuntu0.1
  kea-dhcp-ddns-server     2.6.3-2ubuntu0.1
  kea-dhcp4-server         2.6.3-2ubuntu0.1
  kea-dhcp6-server         2.6.3-2ubuntu0.1
Ubuntu 24.04 LTS
  kea-admin                2.4.1-3ubuntu0.2
  kea-common               2.4.1-3ubuntu0.2
  kea-dhcp-ddns-server     2.4.1-3ubuntu0.2
  kea-dhcp4-server         2.4.1-3ubuntu0.2
  kea-dhcp6-server         2.4.1-3ubuntu0.2
After a standard system update you may need to restart Kea DHCP server
instances to make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8403-1
CVE-2026-3608
Package Information:
https://launchpad.net/ubuntu/+source/isc-kea/2.6.3-2ubuntu0.1
https://launchpad.net/ubuntu/+source/isc-kea/2.4.1-3ubuntu0.2
