Message-Id: <E1MRBLY-0002Ca-Pv@titan.mandriva.com>
Date: Wed, 15 Jul 2009 22:45:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:151 ] dhcp


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:151
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : July 15, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ISC DHCP:
 
 Stack-based buffer overflow in the script_write_params method in
 client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0
 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP
 servers to execute arbitrary code via a crafted subnet-mask option
 (CVE-2009-0692).
 
 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.1:
 4cd13c0fa308591d86453aa7c626a98d  2008.1/i586/dhcp-client-3.0.6-5.1mdv2008.1.i586.rpm
 d5c653262e5a7fcd9e4e9a4b15bce95e  2008.1/i586/dhcp-common-3.0.6-5.1mdv2008.1.i586.rpm
 64f32fb6dd70254ddcb03fb37b76584f  2008.1/i586/dhcp-devel-3.0.6-5.1mdv2008.1.i586.rpm
 9f34d9a940606e840f55afca2278530d  2008.1/i586/dhcp-doc-3.0.6-5.1mdv2008.1.i586.rpm
 d019d096e3a39d0de8c009840acfaa5b  2008.1/i586/dhcp-relay-3.0.6-5.1mdv2008.1.i586.rpm
 86f63eba79002256abc419571cc08966  2008.1/i586/dhcp-server-3.0.6-5.1mdv2008.1.i586.rpm 
 2cf6f851a2ffac9bcebd76ded76afbe0  2008.1/SRPMS/dhcp-3.0.6-5.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 b3f83840a4bdc9a9e9c45bdda724c074  2008.1/x86_64/dhcp-client-3.0.6-5.1mdv2008.1.x86_64.rpm
 b3e44b2256ef7f965eb6f34c4dabcfc2  2008.1/x86_64/dhcp-common-3.0.6-5.1mdv2008.1.x86_64.rpm
 0e0f0b3e95fd2b6c68c841012e79c2ff  2008.1/x86_64/dhcp-devel-3.0.6-5.1mdv2008.1.x86_64.rpm
 00bdeee89cfe516bb64038a2938598d2  2008.1/x86_64/dhcp-doc-3.0.6-5.1mdv2008.1.x86_64.rpm
 673894e8d9b0fce1b8c0216bc2d96b92  2008.1/x86_64/dhcp-relay-3.0.6-5.1mdv2008.1.x86_64.rpm
 76a762d1e6b4b73d18d59a9bc17cfbf2  2008.1/x86_64/dhcp-server-3.0.6-5.1mdv2008.1.x86_64.rpm 
 2cf6f851a2ffac9bcebd76ded76afbe0  2008.1/SRPMS/dhcp-3.0.6-5.1mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 7828772d45f2e49b28e0131690cae716  2009.0/i586/dhcp-client-3.0.7-1.3mdv2009.0.i586.rpm
 10f29dfb03f0e12c02f763c35cc86920  2009.0/i586/dhcp-common-3.0.7-1.3mdv2009.0.i586.rpm
 9ade5eec8deb2538a4fe6eee38b695b7  2009.0/i586/dhcp-devel-3.0.7-1.3mdv2009.0.i586.rpm
 ace9cd717c6703e92f3602da4ee67d79  2009.0/i586/dhcp-doc-3.0.7-1.3mdv2009.0.i586.rpm
 26efcc14702c7135d472c269ca39351f  2009.0/i586/dhcp-relay-3.0.7-1.3mdv2009.0.i586.rpm
 b545b4bb4c7173c00c5f2d0905cee3d5  2009.0/i586/dhcp-server-3.0.7-1.3mdv2009.0.i586.rpm 
 1edad702b89a7cb00da60658541f80a1  2009.0/SRPMS/dhcp-3.0.7-1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 39c2269839704c240b67c197a74dbef6  2009.0/x86_64/dhcp-client-3.0.7-1.3mdv2009.0.x86_64.rpm
 01c474de671fdcea02e1d0a9fe54a3f4  2009.0/x86_64/dhcp-common-3.0.7-1.3mdv2009.0.x86_64.rpm
 bf4583ab41bc8b01e12fb6ad154019a2  2009.0/x86_64/dhcp-devel-3.0.7-1.3mdv2009.0.x86_64.rpm
 64879fd029304090683181522545e9e8  2009.0/x86_64/dhcp-doc-3.0.7-1.3mdv2009.0.x86_64.rpm
 50989109d8caa700de1cdc0fe7b9b4c9  2009.0/x86_64/dhcp-relay-3.0.7-1.3mdv2009.0.x86_64.rpm
 3b356f62ae5b07db2f309d36c3c765d6  2009.0/x86_64/dhcp-server-3.0.7-1.3mdv2009.0.x86_64.rpm 
 1edad702b89a7cb00da60658541f80a1  2009.0/SRPMS/dhcp-3.0.7-1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.1:
 71e07830a16cc391994dcf3ef9fc6dfc  2009.1/i586/dhcp-client-4.1.0-5.1mdv2009.1.i586.rpm
 1d7012bea3a7d2c2edfce38499f4e193  2009.1/i586/dhcp-common-4.1.0-5.1mdv2009.1.i586.rpm
 ed3da60d275232ffe13b23eb6c5e64bf  2009.1/i586/dhcp-devel-4.1.0-5.1mdv2009.1.i586.rpm
 bc290c608b51a636e798778ea1505854  2009.1/i586/dhcp-doc-4.1.0-5.1mdv2009.1.i586.rpm
 6cf00e2028827d7197955be009261e3a  2009.1/i586/dhcp-relay-4.1.0-5.1mdv2009.1.i586.rpm
 e5a49e05b77ae52ca1a76af5109407d2  2009.1/i586/dhcp-server-4.1.0-5.1mdv2009.1.i586.rpm 
 9aeb85d8e0eb0eb6ce03cf3db2124d2f  2009.1/SRPMS/dhcp-4.1.0-5.1mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 f4c5b5021f8ba08bf9e3008cfcbca73d  2009.1/x86_64/dhcp-client-4.1.0-5.1mdv2009.1.x86_64.rpm
 0772e5306d15b9dcf095099b2caa012f  2009.1/x86_64/dhcp-common-4.1.0-5.1mdv2009.1.x86_64.rpm
 16a612f677999d895e5cf36bb5e595a9  2009.1/x86_64/dhcp-devel-4.1.0-5.1mdv2009.1.x86_64.rpm
 8862bca44a1d1ee4b55ba84a0e132ed3  2009.1/x86_64/dhcp-doc-4.1.0-5.1mdv2009.1.x86_64.rpm
 d01b8aa8f8eff85859d34645063511e9  2009.1/x86_64/dhcp-relay-4.1.0-5.1mdv2009.1.x86_64.rpm
 76bf9e340ed3fdaff1b55d8f6e8a77b1  2009.1/x86_64/dhcp-server-4.1.0-5.1mdv2009.1.x86_64.rpm 
 9aeb85d8e0eb0eb6ce03cf3db2124d2f  2009.1/SRPMS/dhcp-4.1.0-5.1mdv2009.1.src.rpm

 Corporate 3.0:
 5c5d1c35b227dc1abdc64b359aca9fad  corporate/3.0/i586/dhcp-client-3.0-1.rc14.0.2.C30mdk.i586.rpm
 123b8e08573564fa32e3ca0344d8c0fc  corporate/3.0/i586/dhcp-common-3.0-1.rc14.0.2.C30mdk.i586.rpm
 f5fd59531989ba2612dd5733644ee471  corporate/3.0/i586/dhcp-devel-3.0-1.rc14.0.2.C30mdk.i586.rpm
 2cd978815eb0a2921fc8da265c697cef  corporate/3.0/i586/dhcp-relay-3.0-1.rc14.0.2.C30mdk.i586.rpm
 c8cb1b80a941fdf42936622518b697fc  corporate/3.0/i586/dhcp-server-3.0-1.rc14.0.2.C30mdk.i586.rpm 
 a33f20def070596b266d8e53240004a5  corporate/3.0/SRPMS/dhcp-3.0-1.rc14.0.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 8cfa75f48a936849aaea8d2a86eb788c  corporate/3.0/x86_64/dhcp-client-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
 d52fd82f673b4fea9ae75ab65d923df6  corporate/3.0/x86_64/dhcp-common-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
 125593fd03e14bb2c3f4db303169f2cb  corporate/3.0/x86_64/dhcp-devel-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
 c2d93ed438f3e86e2cbe8abf42745e8a  corporate/3.0/x86_64/dhcp-relay-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
 26cd3ebb2cb90c1ad96adb7b9fd51295  corporate/3.0/x86_64/dhcp-server-3.0-1.rc14.0.2.C30mdk.x86_64.rpm 
 a33f20def070596b266d8e53240004a5  corporate/3.0/SRPMS/dhcp-3.0-1.rc14.0.2.C30mdk.src.rpm

 Corporate 4.0:
 6ad0c2915f332fc5b3e92c21dcf9f4a3  corporate/4.0/i586/dhcp-client-3.0.4-2.2.20060mlcs4.i586.rpm
 06b5b65e8e3a7f73ef76285b28b44296  corporate/4.0/i586/dhcp-common-3.0.4-2.2.20060mlcs4.i586.rpm
 3e03b623fe344c45c45e54e6406d8d6a  corporate/4.0/i586/dhcp-devel-3.0.4-2.2.20060mlcs4.i586.rpm
 d220982a55e2d4c6e3d95944ea8c61c4  corporate/4.0/i586/dhcp-relay-3.0.4-2.2.20060mlcs4.i586.rpm
 5d0c5ca15e8d53ef616d02ca3ea0561e  corporate/4.0/i586/dhcp-server-3.0.4-2.2.20060mlcs4.i586.rpm 
 2b26e96371889d63227573cf8252a30a  corporate/4.0/SRPMS/dhcp-3.0.4-2.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6fac390a2d1f0bc573843a6bdaa97d91  corporate/4.0/x86_64/dhcp-client-3.0.4-2.2.20060mlcs4.x86_64.rpm
 6fe16cc08807c5dc93b55b6b5a478752  corporate/4.0/x86_64/dhcp-common-3.0.4-2.2.20060mlcs4.x86_64.rpm
 4c8747a0cc72f49aa138e85eccc3f0aa  corporate/4.0/x86_64/dhcp-devel-3.0.4-2.2.20060mlcs4.x86_64.rpm
 80375f41430fd4bf08b0a945d97fb55b  corporate/4.0/x86_64/dhcp-relay-3.0.4-2.2.20060mlcs4.x86_64.rpm
 a2c9ea695af81e2e7e1b02e042c6be89  corporate/4.0/x86_64/dhcp-server-3.0.4-2.2.20060mlcs4.x86_64.rpm 
 2b26e96371889d63227573cf8252a30a  corporate/4.0/SRPMS/dhcp-3.0.4-2.2.20060mlcs4.src.rpm

 Multi Network Firewall 2.0:
 306b2d346ce6f0b15065bb5d9d7f01d4  mnf/2.0/i586/dhcp-client-3.0-1.rc14.0.2.C30mdk.i586.rpm
 6647587c8b18bab00651092ae03a53fe  mnf/2.0/i586/dhcp-common-3.0-1.rc14.0.2.C30mdk.i586.rpm
 344b17a9a4c1a5b430e46c005abb6b92  mnf/2.0/i586/dhcp-devel-3.0-1.rc14.0.2.C30mdk.i586.rpm
 3ba378795bd28056e2cf15df82433f15  mnf/2.0/i586/dhcp-relay-3.0-1.rc14.0.2.C30mdk.i586.rpm
 6810651722059cd1442bd72953b123a0  mnf/2.0/i586/dhcp-server-3.0-1.rc14.0.2.C30mdk.i586.rpm 
 123e2b911a2f959e1e933732fb33e78b  mnf/2.0/SRPMS/dhcp-3.0-1.rc14.0.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKXhHnmqjQ0CJFipgRAl2EAJ483PDoMMs4y85H11Vqz/jlhfEGVgCg4hQB
g3VfQivkDBXVmxB5U4dKJOo=
=oGPW
-----END PGP SIGNATURE-----
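
The problem description above attributes the overflow to a crafted subnet-mask option, whose length is chosen by the DHCP server. As an added example (not part of the advisory and not ISC's code), this C function shows the length check an option parser needs before copying that value into a fixed-size buffer; `get_subnet_mask` and the sample byte arrays are constructed for illustration, and the 4-byte length comes from RFC 2132.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OPT_PAD          0
#define OPT_SUBNET_MASK  1    /* RFC 2132 section 3.3: length is always 4 */
#define OPT_END          255

/* Hypothetical helper (not ISC code): walk a DHCP options field and copy
 * the subnet mask into a 4-byte buffer.
 * Returns 0 on success, -1 if the option is absent, -2 if malformed. */
int get_subnet_mask(const uint8_t *opts, size_t len, uint8_t mask[4])
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD)
            continue;                  /* pad has no length byte */
        if (code == OPT_END)
            break;
        if (i >= len)
            return -2;                 /* length byte missing */
        uint8_t olen = opts[i++];
        if (olen > len - i)
            return -2;                 /* value runs past the buffer */
        if (code == OPT_SUBNET_MASK) {
            /* olen is sender-controlled: compare it with the destination
             * size before copying, and never copy olen bytes unchecked. */
            if (olen != 4)
                return -2;
            memcpy(mask, opts + i, 4);
            return 0;
        }
        i += olen;                     /* skip options we do not need */
    }
    return -1;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t good_opts[] = { 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t long_opts[] = { 1, 8, 255, 255, 255, 0, 1, 2, 3, 4, 255 };
static const uint8_t cut_opts[]  = { 0, 1, 4, 255, 255 };
static const uint8_t no_mask[]   = { 0, 3, 4, 192, 0, 2, 1, 255 };
```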
