Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-362-1 dhcpcd

Debian Security Advisory

DLA-362-1 dhcpcd -- LTS security update

Date Reported:

08 Dec 2015

Affected Packages:

dhcpcd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-6698, CVE-2012-6699, CVE-2012-6700.

More information:

Guido Vranken discovered several memory-related vulnerabilities while fuzzing DHCP messages sent to dhcpcd.

For Debian 6 Squeeze, those issues have been fixed in version 1:3.2.3-5+squeeze2.

• CVE-2012-6698

  Out-of-bounds write with specially crafted DHCP messages.

• CVE-2012-6699

  Out-of-bounds read with specially crafted DHCP messages.

• CVE-2012-6700

  Use after free with specially crafted DHCP messages.