Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDVSA-2010:114 ] dhcp
From: security () mandriva com
Date: Fri, 11 Jun 2010 14:51:00 +0200


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:114
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : June 11, 2010
 Affected: 2009.1, 2010.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in dhcp:
 
 ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote
 attackers to cause a denial of service (server exit) via a zero-length
 client ID (CVE-2010-2156).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 ca0e18771bae325324d45f8c881957b4  2009.1/i586/dhcp-client-4.1.0-5.6mdv2009.1.i586.rpm
 d2821b6d3c4b9a2d885d91a80d885f5e  2009.1/i586/dhcp-common-4.1.0-5.6mdv2009.1.i586.rpm
 be0312249bd3d4aa6abe3e7bba250ffd  2009.1/i586/dhcp-devel-4.1.0-5.6mdv2009.1.i586.rpm
 56ef4ebe348a6c029dd31a04405c0be9  2009.1/i586/dhcp-doc-4.1.0-5.6mdv2009.1.i586.rpm
 c397f3ded9ec7ff7c4c6fb0f05694aaf  2009.1/i586/dhcp-relay-4.1.0-5.6mdv2009.1.i586.rpm
 c348f093fbe6fd618493315bb21ee0e4  2009.1/i586/dhcp-server-4.1.0-5.6mdv2009.1.i586.rpm 
 b37e34eebb02721497899b73f2091fa4  2009.1/SRPMS/dhcp-4.1.0-5.6mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 dd463d2c5d4bb3866f65faac52b86825  2009.1/x86_64/dhcp-client-4.1.0-5.6mdv2009.1.x86_64.rpm
 b4ab08a52f677d9154197361bb3beb71  2009.1/x86_64/dhcp-common-4.1.0-5.6mdv2009.1.x86_64.rpm
 465ccd781073d4acd1820dfbe354d2c5  2009.1/x86_64/dhcp-devel-4.1.0-5.6mdv2009.1.x86_64.rpm
 9479f7bb5755991cba4fe42a5762929f  2009.1/x86_64/dhcp-doc-4.1.0-5.6mdv2009.1.x86_64.rpm
 4f07bb126d71a42bd4605817a6342e0f  2009.1/x86_64/dhcp-relay-4.1.0-5.6mdv2009.1.x86_64.rpm
 17ac7274866aba46a64f39193516d527  2009.1/x86_64/dhcp-server-4.1.0-5.6mdv2009.1.x86_64.rpm 
 b37e34eebb02721497899b73f2091fa4  2009.1/SRPMS/dhcp-4.1.0-5.6mdv2009.1.src.rpm

 Mandriva Linux 2010.0:
 28f36037b4f4175aac2aa8c54db0230c  2010.0/i586/dhcp-client-4.1.0p1-2.4mdv2010.0.i586.rpm
 d5926e37a24c74a6f23aeb33f3311fd4  2010.0/i586/dhcp-common-4.1.0p1-2.4mdv2010.0.i586.rpm
 e763e2e523dcdc07499c3617bccf3377  2010.0/i586/dhcp-devel-4.1.0p1-2.4mdv2010.0.i586.rpm
 7454f1929d461ae1473e5f083c906be9  2010.0/i586/dhcp-doc-4.1.0p1-2.4mdv2010.0.i586.rpm
 1a9d158430198c933bbc6f3a4a9c3fbe  2010.0/i586/dhcp-relay-4.1.0p1-2.4mdv2010.0.i586.rpm
 59c94ecf403cf53a5f25a88377977409  2010.0/i586/dhcp-server-4.1.0p1-2.4mdv2010.0.i586.rpm 
 4406b97779a93db5e62609e8a847af2d  2010.0/SRPMS/dhcp-4.1.0p1-2.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 8eb8a46bdc51c5d8ef6b1f080d371dbb  2010.0/x86_64/dhcp-client-4.1.0p1-2.4mdv2010.0.x86_64.rpm
 2fb5ca5e007b7b70bbaabf29a50a68f6  2010.0/x86_64/dhcp-common-4.1.0p1-2.4mdv2010.0.x86_64.rpm
 f808f1b130b73880aa2692f01e6d63d9  2010.0/x86_64/dhcp-devel-4.1.0p1-2.4mdv2010.0.x86_64.rpm
 c892404112bf109541ddfd22d0a904db  2010.0/x86_64/dhcp-doc-4.1.0p1-2.4mdv2010.0.x86_64.rpm
 6a11b5dd6f0b764bd8bea7287c72b27d  2010.0/x86_64/dhcp-relay-4.1.0p1-2.4mdv2010.0.x86_64.rpm
 b9fd585ed151638c822610c474c288bb  2010.0/x86_64/dhcp-server-4.1.0p1-2.4mdv2010.0.x86_64.rpm 
 4406b97779a93db5e62609e8a847af2d  2010.0/SRPMS/dhcp-4.1.0p1-2.4mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMEgRYmqjQ0CJFipgRAtKfAJ49Y82PyYgsJdrlkNTJbyha4rH0QwCdHgxB
GaSAf/bABHAXQ3UVRzkx8o0=
=bg0v
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDVSA-2010:114 ] dhcp security (Jun 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]