[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1313-1] isc-dhcp security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : isc-dhcp
Version        : 4.2.2.dfsg.1-5+deb70u9
CVE ID         : CVE-2018-5732 CVE-2018-5733


Several vulnerabilities have been discovered in the ISC DHCP client,
relay and server. The Common Vulnerabilities and Exposures project
identifies the following issues:

CVE-2018-5732

    Felix Wilhelm of the Google Security Team discovered that the DHCP
    client is prone to an out-of-bound memory access vulnerability when
    processing specially constructed DHCP options responses, resulting
    in potential execution of arbitrary code by a malicious DHCP server.

CVE-2018-5733

    Felix Wilhelm of the Google Security Team discovered that the DHCP
    server does not properly handle reference counting when processing
    client requests. A malicious client can take advantage of this flaw
    to cause a denial of service (dhcpd crash) by sending large amounts
    of traffic.


For Debian 7 "Wheezy", these problems have been fixed in version
4.2.2.dfsg.1-5+deb70u9.

We recommend that you upgrade your isc-dhcp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJatB2SXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHUW0QAJdaL1FwEhuEL1oMECi9nEPT
dsQw1cwdJMWd61p7QMG0p4W5/XFJxZ+KU6uDX2nTw/q6CCjIF10RIPXC3ka3kkC2
mH/Db1yFzA9jhCryYZz+EEIdsAajdy5CZmU0LBWVYicWnqeE8GKOYUjJMNf/49Lr
0DrI0Vgon7VnUQU8cnbggz1Tn9BpWFphDtM6VVO1pniV4IDtLNQnUIijqRcYkfQj
jcKvqyUh8p+Jk3dJY5FM+eQxlCpjDSwH7v1801o0kqvZtgnquWR+XNkK9OQvPqIY
38dWhRisWSLN5YCWa0BEAp25pmWRxKTVLriKNfu8DByG63TVhLRxYQYmcl2jw2Oz
ed+xzXLLudl/4Ruuu1Rrts+mKdQYT+QLMDFyAUooNdJyxrxgn2F3QJkTdd8G33E7
o70MN45hgtd6JFd7Sa9nFVhm0D0mGsf1Z0F/TUbxLxzGvzpIh6YUzJGfzIEgHrGp
LEyxXnSh5a/KdPt5YIpMBKgDvXJebWuYNvhplRCAbigXwxf1Y5DcgOyWObTttkti
BUOFntQC3ePTX5EbmGr/qKKEnMtLQB3Ca2XHR1AZ1znncIAuk1RO0IzMqfzLLwjQ
ThGXvRVkTxJEJflKkAyxpIVqToSS3sltTSGwVzdFRAky12fZWakmFBCK/G/N7fcG
Rrx5h5ivQ7fUBuMqbM+F
=OQ+P
-----END PGP SIGNATURE-----


Reply to: