Message-Id: <E1MRBLY-0002Ca-Pv@titan.mandriva.com>
Date: Wed, 15 Jul 2009 22:45:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:151 ] dhcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:151
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dhcp
Date : July 15, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:

A vulnerability has been found and corrected in ISC DHCP:

Stack-based buffer overflow in the script_write_params method in
client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0
before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP
servers to execute arbitrary code via a crafted subnet-mask option
(CVE-2009-0692).

This update provides fixes for this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
4cd13c0fa308591d86453aa7c626a98d 2008.1/i586/dhcp-client-3.0.6-5.1mdv2008.1.i586.rpm
d5c653262e5a7fcd9e4e9a4b15bce95e 2008.1/i586/dhcp-common-3.0.6-5.1mdv2008.1.i586.rpm
64f32fb6dd70254ddcb03fb37b76584f 2008.1/i586/dhcp-devel-3.0.6-5.1mdv2008.1.i586.rpm
9f34d9a940606e840f55afca2278530d 2008.1/i586/dhcp-doc-3.0.6-5.1mdv2008.1.i586.rpm
d019d096e3a39d0de8c009840acfaa5b 2008.1/i586/dhcp-relay-3.0.6-5.1mdv2008.1.i586.rpm
86f63eba79002256abc419571cc08966 2008.1/i586/dhcp-server-3.0.6-5.1mdv2008.1.i586.rpm
2cf6f851a2ffac9bcebd76ded76afbe0 2008.1/SRPMS/dhcp-3.0.6-5.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
b3f83840a4bdc9a9e9c45bdda724c074 2008.1/x86_64/dhcp-client-3.0.6-5.1mdv2008.1.x86_64.rpm
b3e44b2256ef7f965eb6f34c4dabcfc2 2008.1/x86_64/dhcp-common-3.0.6-5.1mdv2008.1.x86_64.rpm
0e0f0b3e95fd2b6c68c841012e79c2ff 2008.1/x86_64/dhcp-devel-3.0.6-5.1mdv2008.1.x86_64.rpm
00bdeee89cfe516bb64038a2938598d2 2008.1/x86_64/dhcp-doc-3.0.6-5.1mdv2008.1.x86_64.rpm
673894e8d9b0fce1b8c0216bc2d96b92 2008.1/x86_64/dhcp-relay-3.0.6-5.1mdv2008.1.x86_64.rpm
76a762d1e6b4b73d18d59a9bc17cfbf2 2008.1/x86_64/dhcp-server-3.0.6-5.1mdv2008.1.x86_64.rpm
2cf6f851a2ffac9bcebd76ded76afbe0 2008.1/SRPMS/dhcp-3.0.6-5.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
7828772d45f2e49b28e0131690cae716 2009.0/i586/dhcp-client-3.0.7-1.3mdv2009.0.i586.rpm
10f29dfb03f0e12c02f763c35cc86920 2009.0/i586/dhcp-common-3.0.7-1.3mdv2009.0.i586.rpm
9ade5eec8deb2538a4fe6eee38b695b7 2009.0/i586/dhcp-devel-3.0.7-1.3mdv2009.0.i586.rpm
ace9cd717c6703e92f3602da4ee67d79 2009.0/i586/dhcp-doc-3.0.7-1.3mdv2009.0.i586.rpm
26efcc14702c7135d472c269ca39351f 2009.0/i586/dhcp-relay-3.0.7-1.3mdv2009.0.i586.rpm
b545b4bb4c7173c00c5f2d0905cee3d5 2009.0/i586/dhcp-server-3.0.7-1.3mdv2009.0.i586.rpm
1edad702b89a7cb00da60658541f80a1 2009.0/SRPMS/dhcp-3.0.7-1.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
39c2269839704c240b67c197a74dbef6 2009.0/x86_64/dhcp-client-3.0.7-1.3mdv2009.0.x86_64.rpm
01c474de671fdcea02e1d0a9fe54a3f4 2009.0/x86_64/dhcp-common-3.0.7-1.3mdv2009.0.x86_64.rpm
bf4583ab41bc8b01e12fb6ad154019a2 2009.0/x86_64/dhcp-devel-3.0.7-1.3mdv2009.0.x86_64.rpm
64879fd029304090683181522545e9e8 2009.0/x86_64/dhcp-doc-3.0.7-1.3mdv2009.0.x86_64.rpm
50989109d8caa700de1cdc0fe7b9b4c9 2009.0/x86_64/dhcp-relay-3.0.7-1.3mdv2009.0.x86_64.rpm
3b356f62ae5b07db2f309d36c3c765d6 2009.0/x86_64/dhcp-server-3.0.7-1.3mdv2009.0.x86_64.rpm
1edad702b89a7cb00da60658541f80a1 2009.0/SRPMS/dhcp-3.0.7-1.3mdv2009.0.src.rpm
Mandriva Linux 2009.1:
71e07830a16cc391994dcf3ef9fc6dfc 2009.1/i586/dhcp-client-4.1.0-5.1mdv2009.1.i586.rpm
1d7012bea3a7d2c2edfce38499f4e193 2009.1/i586/dhcp-common-4.1.0-5.1mdv2009.1.i586.rpm
ed3da60d275232ffe13b23eb6c5e64bf 2009.1/i586/dhcp-devel-4.1.0-5.1mdv2009.1.i586.rpm
bc290c608b51a636e798778ea1505854 2009.1/i586/dhcp-doc-4.1.0-5.1mdv2009.1.i586.rpm
6cf00e2028827d7197955be009261e3a 2009.1/i586/dhcp-relay-4.1.0-5.1mdv2009.1.i586.rpm
e5a49e05b77ae52ca1a76af5109407d2 2009.1/i586/dhcp-server-4.1.0-5.1mdv2009.1.i586.rpm
9aeb85d8e0eb0eb6ce03cf3db2124d2f 2009.1/SRPMS/dhcp-4.1.0-5.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
f4c5b5021f8ba08bf9e3008cfcbca73d 2009.1/x86_64/dhcp-client-4.1.0-5.1mdv2009.1.x86_64.rpm
0772e5306d15b9dcf095099b2caa012f 2009.1/x86_64/dhcp-common-4.1.0-5.1mdv2009.1.x86_64.rpm
16a612f677999d895e5cf36bb5e595a9 2009.1/x86_64/dhcp-devel-4.1.0-5.1mdv2009.1.x86_64.rpm
8862bca44a1d1ee4b55ba84a0e132ed3 2009.1/x86_64/dhcp-doc-4.1.0-5.1mdv2009.1.x86_64.rpm
d01b8aa8f8eff85859d34645063511e9 2009.1/x86_64/dhcp-relay-4.1.0-5.1mdv2009.1.x86_64.rpm
76bf9e340ed3fdaff1b55d8f6e8a77b1 2009.1/x86_64/dhcp-server-4.1.0-5.1mdv2009.1.x86_64.rpm
9aeb85d8e0eb0eb6ce03cf3db2124d2f 2009.1/SRPMS/dhcp-4.1.0-5.1mdv2009.1.src.rpm
Corporate 3.0:
5c5d1c35b227dc1abdc64b359aca9fad corporate/3.0/i586/dhcp-client-3.0-1.rc14.0.2.C30mdk.i586.rpm
123b8e08573564fa32e3ca0344d8c0fc corporate/3.0/i586/dhcp-common-3.0-1.rc14.0.2.C30mdk.i586.rpm
f5fd59531989ba2612dd5733644ee471 corporate/3.0/i586/dhcp-devel-3.0-1.rc14.0.2.C30mdk.i586.rpm
2cd978815eb0a2921fc8da265c697cef corporate/3.0/i586/dhcp-relay-3.0-1.rc14.0.2.C30mdk.i586.rpm
c8cb1b80a941fdf42936622518b697fc corporate/3.0/i586/dhcp-server-3.0-1.rc14.0.2.C30mdk.i586.rpm
a33f20def070596b266d8e53240004a5 corporate/3.0/SRPMS/dhcp-3.0-1.rc14.0.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
8cfa75f48a936849aaea8d2a86eb788c corporate/3.0/x86_64/dhcp-client-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
d52fd82f673b4fea9ae75ab65d923df6 corporate/3.0/x86_64/dhcp-common-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
125593fd03e14bb2c3f4db303169f2cb corporate/3.0/x86_64/dhcp-devel-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
c2d93ed438f3e86e2cbe8abf42745e8a corporate/3.0/x86_64/dhcp-relay-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
26cd3ebb2cb90c1ad96adb7b9fd51295 corporate/3.0/x86_64/dhcp-server-3.0-1.rc14.0.2.C30mdk.x86_64.rpm
a33f20def070596b266d8e53240004a5 corporate/3.0/SRPMS/dhcp-3.0-1.rc14.0.2.C30mdk.src.rpm
Corporate 4.0:
6ad0c2915f332fc5b3e92c21dcf9f4a3 corporate/4.0/i586/dhcp-client-3.0.4-2.2.20060mlcs4.i586.rpm
06b5b65e8e3a7f73ef76285b28b44296 corporate/4.0/i586/dhcp-common-3.0.4-2.2.20060mlcs4.i586.rpm
3e03b623fe344c45c45e54e6406d8d6a corporate/4.0/i586/dhcp-devel-3.0.4-2.2.20060mlcs4.i586.rpm
d220982a55e2d4c6e3d95944ea8c61c4 corporate/4.0/i586/dhcp-relay-3.0.4-2.2.20060mlcs4.i586.rpm
5d0c5ca15e8d53ef616d02ca3ea0561e corporate/4.0/i586/dhcp-server-3.0.4-2.2.20060mlcs4.i586.rpm
2b26e96371889d63227573cf8252a30a corporate/4.0/SRPMS/dhcp-3.0.4-2.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
6fac390a2d1f0bc573843a6bdaa97d91 corporate/4.0/x86_64/dhcp-client-3.0.4-2.2.20060mlcs4.x86_64.rpm
6fe16cc08807c5dc93b55b6b5a478752 corporate/4.0/x86_64/dhcp-common-3.0.4-2.2.20060mlcs4.x86_64.rpm
4c8747a0cc72f49aa138e85eccc3f0aa corporate/4.0/x86_64/dhcp-devel-3.0.4-2.2.20060mlcs4.x86_64.rpm
80375f41430fd4bf08b0a945d97fb55b corporate/4.0/x86_64/dhcp-relay-3.0.4-2.2.20060mlcs4.x86_64.rpm
a2c9ea695af81e2e7e1b02e042c6be89 corporate/4.0/x86_64/dhcp-server-3.0.4-2.2.20060mlcs4.x86_64.rpm
2b26e96371889d63227573cf8252a30a corporate/4.0/SRPMS/dhcp-3.0.4-2.2.20060mlcs4.src.rpm
Multi Network Firewall 2.0:
306b2d346ce6f0b15065bb5d9d7f01d4 mnf/2.0/i586/dhcp-client-3.0-1.rc14.0.2.C30mdk.i586.rpm
6647587c8b18bab00651092ae03a53fe mnf/2.0/i586/dhcp-common-3.0-1.rc14.0.2.C30mdk.i586.rpm
344b17a9a4c1a5b430e46c005abb6b92 mnf/2.0/i586/dhcp-devel-3.0-1.rc14.0.2.C30mdk.i586.rpm
3ba378795bd28056e2cf15df82433f15 mnf/2.0/i586/dhcp-relay-3.0-1.rc14.0.2.C30mdk.i586.rpm
6810651722059cd1442bd72953b123a0 mnf/2.0/i586/dhcp-server-3.0-1.rc14.0.2.C30mdk.i586.rpm
123e2b911a2f959e1e933732fb33e78b mnf/2.0/SRPMS/dhcp-3.0-1.rc14.0.2.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKXhHnmqjQ0CJFipgRAl2EAJ483PDoMMs4y85H11Vqz/jlhfEGVgCg4hQB
g3VfQivkDBXVmxB5U4dKJOo=
=oGPW
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/