Security Information / 2012 / Security Information -- DSA-2498-1 dhcpcd

Debian Security Advisory

DSA-2498-1 dhcpcd -- remote stack overflow

Date Reported:

23 Jun 2012

Affected Packages:

dhcpcd

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-2152.

More information:

It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack overflow. A malformed DHCP message could crash the client, causing a denial of service, and potentially remote code execution through properly designed malicous DHCP packets.

For the stable distribution (squeeze), this problem has been fixed in version 1:3.2.3-5+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1:3.2.3-11.

For the unstable distribution (sid), this problem has been fixed in version 1:3.2.3-11.

We recommend that you upgrade your dhcpcd package.