Säkerhetsbulletin från Debian
DSA-1388-3 dhcp -- buffertspill
- Rapporterat den:
- 2007-10-29
- Berörda paket:
- dhcp
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Debians felrapporteringssystem: Fel 446354.
I Mitres CVE-förteckning: CVE-2007-5365. - Ytterligare information:
-
Patchen som användes för att rätta DHCP-serverns buffertspill i DSA-1388-1 var inte komplett och rättade inte problemet på ett adekvat sätt. Denna uppdatering till den tidigare bulletinen tillhandahåller uppdaterade paket baserade på en nyare version av patchen.
Texten från originalbulletinen följer nedan:
Man har upptäckt att dhcp, en DHCP-server för automatisk tilldelning av IP-adresser, inte allokerade plats för nätverkssvar korrekt. Detta kunde potentiellt göra det möjligt för en elak DHCP-klient att exekvera godtycklig kod på DHCP-servern.
För den stabila utgåvan (Etch) har detta problem rättats i version 2.0pl5-19.5etch2.
För den instabila utgåvan (Sid) kommer detta problem att rättas inom kort.
Vi rekommenderar att ni uppgraderar ert dhcp-paket.
- Rättat i:
-
Debian GNU/Linux 3.1 (sarge)
- Källkod:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.dsc
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.diff.gz
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_alpha.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_amd64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_amd64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_amd64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_amd64.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_arm.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_arm.udeb
- HP Precision:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_hppa.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_i386.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_ia64.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mips.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mipsel.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_mipsel.udeb
- PowerPC:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_powerpc.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_s390.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch2_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch2_sparc.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch2_sparc.deb
Debian GNU/Linux 4.0 (etch)
- Källkod:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.dsc
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.diff.gz
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_alpha.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_alpha.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_amd64.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_amd64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_arm.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_arm.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_hppa.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_hppa.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_i386.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_i386.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_ia64.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_ia64.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_mips.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mips.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_mipsel.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_powerpc.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_s390.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_s390.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_s390.udeb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5etch1_sparc.udeb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.5etch1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.5etch1_sparc.deb
- http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.5etch1_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.