[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PbEzs-0007f7-PD@titan.mandriva.com>
Date: Fri, 07 Jan 2011 17:17:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:001 ] dhcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:001
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dhcp
Date : January 7, 2011
Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in dhcp:
ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover
partnerships, allows remote attackers to cause a denial of service
(communications-interrupted state and DHCP client service loss)
by connecting to a port that is only intended for a failover peer,
as demonstrated by a Nagios check_tcp process check to TCP port 520
(CVE-2010-3616).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3616
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
352220b748d131938d7229d47d78b4be 2009.0/i586/dhcp-client-3.0.7-1.7mdv2009.0.i586.rpm
d1ac99f1b505ae8c41ec98d8a90f40eb 2009.0/i586/dhcp-common-3.0.7-1.7mdv2009.0.i586.rpm
becd002a9b173d9c36d851637343d053 2009.0/i586/dhcp-devel-3.0.7-1.7mdv2009.0.i586.rpm
6276486dcfdbb62f74d3a742661a1f96 2009.0/i586/dhcp-doc-3.0.7-1.7mdv2009.0.i586.rpm
a87cc9bc27dd4308b29a72aa44bd2cc4 2009.0/i586/dhcp-relay-3.0.7-1.7mdv2009.0.i586.rpm
47c3b8ddba055a149e9c2a2ed8ddf1d4 2009.0/i586/dhcp-server-3.0.7-1.7mdv2009.0.i586.rpm
580a737a981bb37db6c221ddaad9b659 2009.0/SRPMS/dhcp-3.0.7-1.7mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
205d20102cc4ec6187de995814d29f26 2009.0/x86_64/dhcp-client-3.0.7-1.7mdv2009.0.x86_64.rpm
1877723f76250e44bb064fd579bd9055 2009.0/x86_64/dhcp-common-3.0.7-1.7mdv2009.0.x86_64.rpm
46a819a4c15aa3d7915eece8078bf54c 2009.0/x86_64/dhcp-devel-3.0.7-1.7mdv2009.0.x86_64.rpm
5f34210fa0e66fee60ad81464fae2d49 2009.0/x86_64/dhcp-doc-3.0.7-1.7mdv2009.0.x86_64.rpm
6d69a0a7419029e8fef5ecb15d94411d 2009.0/x86_64/dhcp-relay-3.0.7-1.7mdv2009.0.x86_64.rpm
a2cc3945a870d110fdd3afc39343aedd 2009.0/x86_64/dhcp-server-3.0.7-1.7mdv2009.0.x86_64.rpm
580a737a981bb37db6c221ddaad9b659 2009.0/SRPMS/dhcp-3.0.7-1.7mdv2009.0.src.rpm
Mandriva Linux 2010.0:
7dca7b7091aeb1490d034b7406ca6568 2010.0/i586/dhcp-client-4.1.2-0.2mdv2010.0.i586.rpm
d5d51ac715eb4f2d4ef28d0e84e47557 2010.0/i586/dhcp-common-4.1.2-0.2mdv2010.0.i586.rpm
9b34710d1a5577e1734fc3f6d71641ab 2010.0/i586/dhcp-devel-4.1.2-0.2mdv2010.0.i586.rpm
dee7786b4b9848d7ebad10711d96f0de 2010.0/i586/dhcp-doc-4.1.2-0.2mdv2010.0.i586.rpm
afda5d9060e0653ce7bb41fa122fcf72 2010.0/i586/dhcp-relay-4.1.2-0.2mdv2010.0.i586.rpm
3d8d959738fe477696e9d0cb0eb6571d 2010.0/i586/dhcp-server-4.1.2-0.2mdv2010.0.i586.rpm
b38f5840e56e5cd67e6595a913eeef15 2010.0/SRPMS/dhcp-4.1.2-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
8c9c26bf15bdab498a2b9eaab667fce1 2010.0/x86_64/dhcp-client-4.1.2-0.2mdv2010.0.x86_64.rpm
e788ec071e8ba85e07ead2eb5f76799f 2010.0/x86_64/dhcp-common-4.1.2-0.2mdv2010.0.x86_64.rpm
77112ba1f52adee40b41701ef8252f89 2010.0/x86_64/dhcp-devel-4.1.2-0.2mdv2010.0.x86_64.rpm
7c558d5b37a9146725c806866bcd7273 2010.0/x86_64/dhcp-doc-4.1.2-0.2mdv2010.0.x86_64.rpm
a90bd7525f31ceba3d8be408af5a2ab6 2010.0/x86_64/dhcp-relay-4.1.2-0.2mdv2010.0.x86_64.rpm
07f9c64e4c5a2a0e92c8e24f0200c044 2010.0/x86_64/dhcp-server-4.1.2-0.2mdv2010.0.x86_64.rpm
b38f5840e56e5cd67e6595a913eeef15 2010.0/SRPMS/dhcp-4.1.2-0.2mdv2010.0.src.rpm
Mandriva Linux 2010.1:
6de8d296802f046fee8aff5f1741e76a 2010.1/i586/dhcp-client-4.1.2-0.2mdv2010.2.i586.rpm
7734763fd15f882479227fba3b72ff53 2010.1/i586/dhcp-common-4.1.2-0.2mdv2010.2.i586.rpm
8cbfbfd569d327a0baa157c808eeda64 2010.1/i586/dhcp-devel-4.1.2-0.2mdv2010.2.i586.rpm
757ffeeca12cb8b2cc866cc57ef12c66 2010.1/i586/dhcp-doc-4.1.2-0.2mdv2010.2.i586.rpm
f2866c7d32690b96cff9af0ce44cd7a6 2010.1/i586/dhcp-relay-4.1.2-0.2mdv2010.2.i586.rpm
81da40e910c91c5bdc03a6fd855ecf82 2010.1/i586/dhcp-server-4.1.2-0.2mdv2010.2.i586.rpm
f6a907061ba9ad980e1b2feb861c2b38 2010.1/SRPMS/dhcp-4.1.2-0.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
58078be9d423c568a028cbbc73753d7d 2010.1/x86_64/dhcp-client-4.1.2-0.2mdv2010.2.x86_64.rpm
415b86a4f35961d29df299172de85180 2010.1/x86_64/dhcp-common-4.1.2-0.2mdv2010.2.x86_64.rpm
a6b8c3abeb54c2bb2529f72e79db1725 2010.1/x86_64/dhcp-devel-4.1.2-0.2mdv2010.2.x86_64.rpm
0ee4a6c6d881fcbabf4f4a073a5cb3b1 2010.1/x86_64/dhcp-doc-4.1.2-0.2mdv2010.2.x86_64.rpm
e0bd77c3d94ebe40309acbfcbb4c5ce8 2010.1/x86_64/dhcp-relay-4.1.2-0.2mdv2010.2.x86_64.rpm
6bf19dbab153e587d79fdf23e4458968 2010.1/x86_64/dhcp-server-4.1.2-0.2mdv2010.2.x86_64.rpm
f6a907061ba9ad980e1b2feb861c2b38 2010.1/SRPMS/dhcp-4.1.2-0.2mdv2010.2.src.rpm
Corporate 4.0:
0759756055f4eeb33d9bc2bfe9cb6b6a corporate/4.0/i586/dhcp-client-3.0.7-0.3.20060mlcs4.i586.rpm
6db1ad43e4c45b5169e649254fec4643 corporate/4.0/i586/dhcp-common-3.0.7-0.3.20060mlcs4.i586.rpm
24e06de7ed92c91cf6a4fb61990a4395 corporate/4.0/i586/dhcp-devel-3.0.7-0.3.20060mlcs4.i586.rpm
5438ebf7987686f977ce6fa215291f0a corporate/4.0/i586/dhcp-relay-3.0.7-0.3.20060mlcs4.i586.rpm
f3eae776b918b21a0787aa4eca90bfb5 corporate/4.0/i586/dhcp-server-3.0.7-0.3.20060mlcs4.i586.rpm
0b78b88f121b8910389456327e4aed76 corporate/4.0/SRPMS/dhcp-3.0.7-0.3.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0c81a6a1e211458111d4de569dc3751c corporate/4.0/x86_64/dhcp-client-3.0.7-0.3.20060mlcs4.x86_64.rpm
99b8e557cbe451a5b48e765f9777fcce corporate/4.0/x86_64/dhcp-common-3.0.7-0.3.20060mlcs4.x86_64.rpm
c784d73a8594f4490b02f4f4bf9c3878 corporate/4.0/x86_64/dhcp-devel-3.0.7-0.3.20060mlcs4.x86_64.rpm
b6e5739df340888d0f486c4bb704a6d5 corporate/4.0/x86_64/dhcp-relay-3.0.7-0.3.20060mlcs4.x86_64.rpm
44b1091f9070185def5f1b505087aea2 corporate/4.0/x86_64/dhcp-server-3.0.7-0.3.20060mlcs4.x86_64.rpm
0b78b88f121b8910389456327e4aed76 corporate/4.0/SRPMS/dhcp-3.0.7-0.3.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
212002c0d99535d8d55d2019f9e60524 mes5/i586/dhcp-client-3.0.7-1.7mdvmes5.1.i586.rpm
2e40e4182cc8f65739e83201083c59e7 mes5/i586/dhcp-common-3.0.7-1.7mdvmes5.1.i586.rpm
ec1b13bebe71aa422695e2e8ea611141 mes5/i586/dhcp-devel-3.0.7-1.7mdvmes5.1.i586.rpm
9e31acc697b7a3226e9242586217ccd6 mes5/i586/dhcp-doc-3.0.7-1.7mdvmes5.1.i586.rpm
b91892afb53586e598ad1da61be401fb mes5/i586/dhcp-relay-3.0.7-1.7mdvmes5.1.i586.rpm
f90cea092aadd1ada7fbb6b7498f6e9f mes5/i586/dhcp-server-3.0.7-1.7mdvmes5.1.i586.rpm
51d131c36f166d0c2db73468939d1db6 mes5/SRPMS/dhcp-3.0.7-1.7mdvmes5.1.src.rpm
Mandriva Enterprise Server 5/X86_64:
1e08d43652114295fe73eae2d7039166 mes5/x86_64/dhcp-client-3.0.7-1.7mdvmes5.1.x86_64.rpm
76b1963dd3cbbcc522ad721b38401e36 mes5/x86_64/dhcp-common-3.0.7-1.7mdvmes5.1.x86_64.rpm
82c2719758d4f30a033f6f56745ad18c mes5/x86_64/dhcp-devel-3.0.7-1.7mdvmes5.1.x86_64.rpm
070db091fef95a1f7cd57739a6bec486 mes5/x86_64/dhcp-doc-3.0.7-1.7mdvmes5.1.x86_64.rpm
688e65042922da02211e849cbc196f29 mes5/x86_64/dhcp-relay-3.0.7-1.7mdvmes5.1.x86_64.rpm
894b1f07fee958e9988ece7f0bc09fd0 mes5/x86_64/dhcp-server-3.0.7-1.7mdvmes5.1.x86_64.rpm
51d131c36f166d0c2db73468939d1db6 mes5/SRPMS/dhcp-3.0.7-1.7mdvmes5.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNJwvmmqjQ0CJFipgRAlf9AJ4/ChDCuyQYP08zzVaTp8qwCDrrnACffhdq
tWsFRJ4JWWnGizO4/QwSBVQ=
=pbwi
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists