Debian Security Advisory

DSA-1388-3 dhcp -- buffer overflow

Date reported:
2007-10-29
Affected packages:
dhcp
Vulnerable:
Yes
Security database references:
In the Debian bug tracking system: Bug 446354.
In Mitre's CVE dictionary: CVE-2007-5365.
More information:

The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory provides updated packages based on a newer version of the patch.

The text of the original advisory follows:

It was discovered that dhcp, a DHCP server for automatic IP address assignment, did not correctly allocate space for network replies. This could potentially allow a malicious DHCP client to execute arbitrary code on the DHCP server.

For the stable distribution (Etch), this problem has been fixed in version 2.0pl5-19.5etch2.

For the unstable distribution (Sid), this problem will be fixed soon.

We recommend that you upgrade your dhcp package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.dsc
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.diff.gz
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_alpha.udeb
AMD64:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_amd64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_amd64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_amd64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_amd64.udeb
ARM:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_arm.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_arm.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_arm.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_hppa.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_hppa.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_hppa.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_hppa.udeb
Intel IA-32:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_i386.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_i386.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_i386.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_ia64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_ia64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_ia64.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mips.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mips.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mips.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mipsel.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mipsel.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mipsel.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_powerpc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_powerpc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_powerpc.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_s390.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_s390.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_s390.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_sparc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_sparc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_sparc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_sparc.udeb

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.dsc
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_alpha.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_alpha.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_amd64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_amd64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_amd64.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_arm.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_arm.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_arm.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_hppa.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_hppa.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_hppa.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_i386.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_i386.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_i386.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_i386.udeb
Intel IA-64:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_ia64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_ia64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_ia64.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_ia64.udeb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_mips.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mips.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_mips.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_mipsel.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mipsel.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mipsel.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_powerpc.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_powerpc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_powerpc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_s390.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_s390.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_s390.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_sparc.udeb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_sparc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_sparc.deb
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_sparc.deb

MD5 checksums for these files are available in the original advisory.