[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PmTg5-0001mP-0k@titan.mandriva.com>
Date: Mon, 07 Feb 2011 17:11:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:022 ] dhcp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:022
http://www.mandriva.com/security/
_______________________________________________________________________
Package : dhcp
Date : February 7, 2011
Affected: 2010.0, 2010.1
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in dhcp:
The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV
and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote
attackers to cause a denial of service (assertion failure and daemon
crash) by sending a message over IPv6 for a declined and abandoned
address (CVE-2011-0413).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.0:
65c4c7d0e66a2df6485307c2001f24b0 2010.0/i586/dhcp-client-4.1.2-0.3mdv2010.0.i586.rpm
524caa21dbe2e3cf36d4d16de7e53da2 2010.0/i586/dhcp-common-4.1.2-0.3mdv2010.0.i586.rpm
2f4c2b7920bdfd71c360af5f73bfdfe8 2010.0/i586/dhcp-devel-4.1.2-0.3mdv2010.0.i586.rpm
7c1cc00109e18e7d1464f9072bb719d6 2010.0/i586/dhcp-doc-4.1.2-0.3mdv2010.0.i586.rpm
dd92268889b6157b4714a19cfc5750fa 2010.0/i586/dhcp-relay-4.1.2-0.3mdv2010.0.i586.rpm
87dda0a955b93e8373610c1a0e173c30 2010.0/i586/dhcp-server-4.1.2-0.3mdv2010.0.i586.rpm
b8f3fc8978ea01a0aca04724854ae1cf 2010.0/SRPMS/dhcp-4.1.2-0.3mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64:
e2bcb97dffaa40ad9658c2ca356f911b 2010.0/x86_64/dhcp-client-4.1.2-0.3mdv2010.0.x86_64.rpm
5d3c36e8169f632bc4cb0bee8c529af2 2010.0/x86_64/dhcp-common-4.1.2-0.3mdv2010.0.x86_64.rpm
f6496937c234008f680dc025affa7207 2010.0/x86_64/dhcp-devel-4.1.2-0.3mdv2010.0.x86_64.rpm
0c9ba464bb9440351ccb126f46d97837 2010.0/x86_64/dhcp-doc-4.1.2-0.3mdv2010.0.x86_64.rpm
e8dce1402658e8a46c2366b438d65622 2010.0/x86_64/dhcp-relay-4.1.2-0.3mdv2010.0.x86_64.rpm
97ecfed951ed5454b315b3b027b3337f 2010.0/x86_64/dhcp-server-4.1.2-0.3mdv2010.0.x86_64.rpm
b8f3fc8978ea01a0aca04724854ae1cf 2010.0/SRPMS/dhcp-4.1.2-0.3mdv2010.0.src.rpm
Mandriva Linux 2010.1:
38ef869104c1db0f95fc6e7869be6f6c 2010.1/i586/dhcp-client-4.1.2-0.3mdv2010.2.i586.rpm
b99f897bd2c17fb3f03b89a996a4f7c1 2010.1/i586/dhcp-common-4.1.2-0.3mdv2010.2.i586.rpm
ac14dc0687bbb819ad9dd7e1681b49fb 2010.1/i586/dhcp-devel-4.1.2-0.3mdv2010.2.i586.rpm
234e482da875009f8eb4dd6b349c115c 2010.1/i586/dhcp-doc-4.1.2-0.3mdv2010.2.i586.rpm
d086d84360b98551f6287128f2d25cbf 2010.1/i586/dhcp-relay-4.1.2-0.3mdv2010.2.i586.rpm
4cf23679e74bd2d0f1b359880b1129eb 2010.1/i586/dhcp-server-4.1.2-0.3mdv2010.2.i586.rpm
f57a5990f3e9c38367dbb6c855e30795 2010.1/SRPMS/dhcp-4.1.2-0.3mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
0cc5b90af0efcb5b6e316735c39cb3e1 2010.1/x86_64/dhcp-client-4.1.2-0.3mdv2010.2.x86_64.rpm
949622a9f8e4282d8c32e3aef359643f 2010.1/x86_64/dhcp-common-4.1.2-0.3mdv2010.2.x86_64.rpm
5af2129b4f4303aa3fa6e9ad0ce10597 2010.1/x86_64/dhcp-devel-4.1.2-0.3mdv2010.2.x86_64.rpm
4bf50dfbf0f8f7c2d867ca61d4abdb9f 2010.1/x86_64/dhcp-doc-4.1.2-0.3mdv2010.2.x86_64.rpm
b29f5b924eab6535ba5ee293629f75cb 2010.1/x86_64/dhcp-relay-4.1.2-0.3mdv2010.2.x86_64.rpm
3429f3b5bdb0d3684fe60df72ace7bb5 2010.1/x86_64/dhcp-server-4.1.2-0.3mdv2010.2.x86_64.rpm
f57a5990f3e9c38367dbb6c855e30795 2010.1/SRPMS/dhcp-4.1.2-0.3mdv2010.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFNT+04mqjQ0CJFipgRAgp5AJ981fEMFBOppIo3Fom97Ji2FoSFEwCgkOhw
nDcqcIwXZxBYWbWoSElkj2c=
=GqhQ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists