
[SECURITY] [DLA 506-1] dhcpcd5 security update



Package        : dhcpcd5
Version        : 5.5.6-1+deb7u2
CVE ID         : CVE-2014-7912 CVE-2014-7913
Debian Bug     : N/A

Two vulnerabilities were discovered in dhcpcd5, a DHCP client package.
A remote attacker on the local network may be able to execute arbitrary
code or cause a denial of service via crafted messages.

CVE-2014-7912

    The get_option function does not validate the relationship between
    length fields and the amount of data, which allows remote DHCP
    servers to execute arbitrary code or cause a denial of service
    (memory corruption) via a large length value of an option in a
    DHCPACK message.

CVE-2014-7913

    The print_option function misinterprets the return value of the
    snprintf function, which allows remote DHCP servers to execute
    arbitrary code or cause a denial of service (memory corruption)
    via a crafted message.
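
Added example (not part of the advisory and not dhcpcd source code): the
general snprintf pitfall behind CVE-2014-7913, shown next to a checked
version. The function names and the dotted-decimal output format are
assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flawed pattern, kept only for comparison and never called here.
 * snprintf returns the length the output WOULD have had, so after a
 * truncation n > left: `left` wraps around and `p` leaves the buffer. */
size_t format_bytes_flawed(char *dst, size_t len, const unsigned char *data, size_t dl)
{
    char *p = dst;
    size_t left = len;
    for (size_t i = 0; i < dl; i++) {
        int n = snprintf(p, left, "%s%u", i ? "." : "", data[i]);
        p += n;               /* may now point beyond dst + len */
        left -= (size_t)n;    /* may underflow to a huge value  */
    }
    return (size_t)(p - dst);
}

/* Checked version: returns the number of characters written, or -1 if
 * dst cannot hold the whole string. dst is always NUL-terminated. */
int format_bytes_checked(char *dst, size_t len, const unsigned char *data, size_t dl)
{
    size_t used = 0;
    if (len == 0)
        return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < dl; i++) {
        int n = snprintf(dst + used, len - used, "%s%u", i ? "." : "", data[i]);
        /* n < 0: output error; n >= remaining space: output was truncated */
        if (n < 0 || (size_t)n >= len - used)
            return -1;
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    const unsigned char ip[4] = {192, 168, 1, 254};  /* constructed sample */
    char out[8];                                     /* deliberately too small */
    int rc = format_bytes_checked(out, sizeof out, ip, sizeof ip);
    printf("rc=%d kept=\"%s\" (%zu chars)\n", rc, out, strlen(out));
    return 0;
}
```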

For Debian 7 "Wheezy", these problems have been fixed in version
5.5.6-1+deb7u2.

We recommend that you upgrade your dhcpcd5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Folkebogatan 26          \
|  ola@inguza.com                      654 68 KARLSTAD          |
|  http://inguza.com/                  +46 (0)70-332 1551       |
\  gpg/f.p.: 22F2 32C6 B1E0 F4BF 2B26  0A6A 5E90 DCFA 9426 876F /
 ---------------------------------------------------------------


Reply to: