lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1PmTg5-0001mP-0k@titan.mandriva.com>
Date: Mon, 07 Feb 2011 17:11:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:022 ] dhcp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:022
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : February 7, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in dhcp:
 
 The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV
 and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote
 attackers to cause a denial of service (assertion failure and daemon
 crash) by sending a message over IPv6 for a declined and abandoned
 address (CVE-2011-0413).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 65c4c7d0e66a2df6485307c2001f24b0  2010.0/i586/dhcp-client-4.1.2-0.3mdv2010.0.i586.rpm
 524caa21dbe2e3cf36d4d16de7e53da2  2010.0/i586/dhcp-common-4.1.2-0.3mdv2010.0.i586.rpm
 2f4c2b7920bdfd71c360af5f73bfdfe8  2010.0/i586/dhcp-devel-4.1.2-0.3mdv2010.0.i586.rpm
 7c1cc00109e18e7d1464f9072bb719d6  2010.0/i586/dhcp-doc-4.1.2-0.3mdv2010.0.i586.rpm
 dd92268889b6157b4714a19cfc5750fa  2010.0/i586/dhcp-relay-4.1.2-0.3mdv2010.0.i586.rpm
 87dda0a955b93e8373610c1a0e173c30  2010.0/i586/dhcp-server-4.1.2-0.3mdv2010.0.i586.rpm 
 b8f3fc8978ea01a0aca04724854ae1cf  2010.0/SRPMS/dhcp-4.1.2-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 e2bcb97dffaa40ad9658c2ca356f911b  2010.0/x86_64/dhcp-client-4.1.2-0.3mdv2010.0.x86_64.rpm
 5d3c36e8169f632bc4cb0bee8c529af2  2010.0/x86_64/dhcp-common-4.1.2-0.3mdv2010.0.x86_64.rpm
 f6496937c234008f680dc025affa7207  2010.0/x86_64/dhcp-devel-4.1.2-0.3mdv2010.0.x86_64.rpm
 0c9ba464bb9440351ccb126f46d97837  2010.0/x86_64/dhcp-doc-4.1.2-0.3mdv2010.0.x86_64.rpm
 e8dce1402658e8a46c2366b438d65622  2010.0/x86_64/dhcp-relay-4.1.2-0.3mdv2010.0.x86_64.rpm
 97ecfed951ed5454b315b3b027b3337f  2010.0/x86_64/dhcp-server-4.1.2-0.3mdv2010.0.x86_64.rpm 
 b8f3fc8978ea01a0aca04724854ae1cf  2010.0/SRPMS/dhcp-4.1.2-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 38ef869104c1db0f95fc6e7869be6f6c  2010.1/i586/dhcp-client-4.1.2-0.3mdv2010.2.i586.rpm
 b99f897bd2c17fb3f03b89a996a4f7c1  2010.1/i586/dhcp-common-4.1.2-0.3mdv2010.2.i586.rpm
 ac14dc0687bbb819ad9dd7e1681b49fb  2010.1/i586/dhcp-devel-4.1.2-0.3mdv2010.2.i586.rpm
 234e482da875009f8eb4dd6b349c115c  2010.1/i586/dhcp-doc-4.1.2-0.3mdv2010.2.i586.rpm
 d086d84360b98551f6287128f2d25cbf  2010.1/i586/dhcp-relay-4.1.2-0.3mdv2010.2.i586.rpm
 4cf23679e74bd2d0f1b359880b1129eb  2010.1/i586/dhcp-server-4.1.2-0.3mdv2010.2.i586.rpm 
 f57a5990f3e9c38367dbb6c855e30795  2010.1/SRPMS/dhcp-4.1.2-0.3mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 0cc5b90af0efcb5b6e316735c39cb3e1  2010.1/x86_64/dhcp-client-4.1.2-0.3mdv2010.2.x86_64.rpm
 949622a9f8e4282d8c32e3aef359643f  2010.1/x86_64/dhcp-common-4.1.2-0.3mdv2010.2.x86_64.rpm
 5af2129b4f4303aa3fa6e9ad0ce10597  2010.1/x86_64/dhcp-devel-4.1.2-0.3mdv2010.2.x86_64.rpm
 4bf50dfbf0f8f7c2d867ca61d4abdb9f  2010.1/x86_64/dhcp-doc-4.1.2-0.3mdv2010.2.x86_64.rpm
 b29f5b924eab6535ba5ee293629f75cb  2010.1/x86_64/dhcp-relay-4.1.2-0.3mdv2010.2.x86_64.rpm
 3429f3b5bdb0d3684fe60df72ace7bb5  2010.1/x86_64/dhcp-server-4.1.2-0.3mdv2010.2.x86_64.rpm 
 f57a5990f3e9c38367dbb6c855e30795  2010.1/SRPMS/dhcp-4.1.2-0.3mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNT+04mqjQ0CJFipgRAgp5AJ981fEMFBOppIo3Fom97Ji2FoSFEwCgkOhw
nDcqcIwXZxBYWbWoSElkj2c=
=GqhQ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ