Debian Security Advisory
DLA-1313-1 isc-dhcp -- LTS security update
- Date Reported:
- 22 Mar 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-5732, CVE-2018-5733.
- More information:
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server. The Common Vulnerabilities and Exposures project identifies the following issues:
Felix Wilhelm of the Google Security Team discovered that the DHCP client is prone to an out-of-bound memory access vulnerability when processing specially constructed DHCP options responses, resulting in potential execution of arbitrary code by a malicious DHCP server.
Felix Wilhelm of the Google Security Team discovered that the DHCP server does not properly handle reference counting when processing client requests. A malicious client can take advantage of this flaw to cause a denial of service (dhcpd crash) by sending large amounts of traffic.
For Debian 7
Wheezy, these problems have been fixed in version 4.2.2.dfsg.1-5+deb70u9.
We recommend that you upgrade your isc-dhcp packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS