Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <e969cce7-9c38-4b6e-85be-2046be464452@isc.org>
Date: Wed, 27 Aug 2025 15:30:52 -0400
From: Ben Scott <bscott@....org>
To: oss-security@...ts.openwall.com
Cc: security-officer@....org
Subject: ISC has disclosed one vulnerability in Kea (CVE-2025-40779)


On 27 August 2025 we (Internet Systems Consortium) disclosed one 
vulnerability affecting our Kea software:

- CVE-2025-40779: Kea crash upon interaction between specific client 
options and subnet selection https://kb.isc.org/docs/cve-2025-40779

New versions of Kea are available at the following URLs:

Stable: https://downloads.isc.org/isc/kea/3.0.1/

Development: https://downloads.isc.org/isc/kea/3.1.1/

With the public announcement of these vulnerabilities, the embargo 
period is ended and any updated software packages that have been 
prepared may be released.

-- 
Ben Scott <bscott@....org>
Support Engineer
Internet Systems Consortium

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.