lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Q9HW9-0006tN-6n@titan.mandriva.com>
Date: Mon, 11 Apr 2011 15:51:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:073 ] dhcp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:073
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : April 11, 2011
 Affected: 2009.0, 2010.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ISC DHCP:
 
 dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV
 before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote
 attackers to execute arbitrary commands via shell metacharacters in
 a hostname obtained from a DHCP message (CVE-2011-0997).
 
 Additionally for Corporate Server 4 and Enterprise Server 5 ISC DHCP
 has been upgraded from the 3.0.7 version to the 4.1.2-P1 version
 which brings many enhancements such as better ipv6 support.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have upgraded to the 4.1.2-P1 version and patched
 to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
 http://ftp.isc.org/isc/dhcp/dhcp-4.1.2-P1-RELNOTES
 https://www.isc.org/software/dhcp/advisories/cve-2011-0997
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 0fe2b147ebdba8b68f69ddc27160db5c  2009.0/i586/dhcp-client-4.1.2-0.4mdv2009.0.i586.rpm
 f4ee7090da2bec5cb4482f2fa21beb8b  2009.0/i586/dhcp-common-4.1.2-0.4mdv2009.0.i586.rpm
 a4a5bd2f2d8f4d40a4c60d5dde55307c  2009.0/i586/dhcp-devel-4.1.2-0.4mdv2009.0.i586.rpm
 814bc88e335fb03901f326300ae92961  2009.0/i586/dhcp-doc-4.1.2-0.4mdv2009.0.i586.rpm
 ec52571bb8002e9394b1eb6e6fc95b64  2009.0/i586/dhcp-relay-4.1.2-0.4mdv2009.0.i586.rpm
 e7fed43b5db92babf8ca3acbd7210b7f  2009.0/i586/dhcp-server-4.1.2-0.4mdv2009.0.i586.rpm 
 18489ac449e257f1fa9aad9e7a054b45  2009.0/SRPMS/dhcp-4.1.2-0.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 b557459f67de2b8ec481d313d9a26cb2  2009.0/x86_64/dhcp-client-4.1.2-0.4mdv2009.0.x86_64.rpm
 b4ea7a9670866fff6cd3f4eb77073a84  2009.0/x86_64/dhcp-common-4.1.2-0.4mdv2009.0.x86_64.rpm
 4f9a9c9a9815697e17a65b942771e31d  2009.0/x86_64/dhcp-devel-4.1.2-0.4mdv2009.0.x86_64.rpm
 df18345c665846817880f815af0ad0e8  2009.0/x86_64/dhcp-doc-4.1.2-0.4mdv2009.0.x86_64.rpm
 eac313ff664e3ea9f8e4c3818d7b7387  2009.0/x86_64/dhcp-relay-4.1.2-0.4mdv2009.0.x86_64.rpm
 48cca35591072588de0e1b9f00ca88eb  2009.0/x86_64/dhcp-server-4.1.2-0.4mdv2009.0.x86_64.rpm 
 18489ac449e257f1fa9aad9e7a054b45  2009.0/SRPMS/dhcp-4.1.2-0.4mdv2009.0.src.rpm

 Mandriva Linux 2010.0:
 88ba2b9d0ccfddf8b1b6f516851d08ce  2010.0/i586/dhcp-client-4.1.2-0.4mdv2010.0.i586.rpm
 1475209ee7b9fb9b7f26ad5b20afcdcf  2010.0/i586/dhcp-common-4.1.2-0.4mdv2010.0.i586.rpm
 ea29d2bfd21b02a56057cd36dc21f43a  2010.0/i586/dhcp-devel-4.1.2-0.4mdv2010.0.i586.rpm
 067c3ac4f7530e447f82bbe4326253a3  2010.0/i586/dhcp-doc-4.1.2-0.4mdv2010.0.i586.rpm
 409516cfb0004d5f4522040b81433ce7  2010.0/i586/dhcp-relay-4.1.2-0.4mdv2010.0.i586.rpm
 a23871dfa6632571cdf4a2559941ad89  2010.0/i586/dhcp-server-4.1.2-0.4mdv2010.0.i586.rpm 
 265c9ec68af7e23baf8b1b6fcc4cc64f  2010.0/SRPMS/dhcp-4.1.2-0.4mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 403dfe148141d926bc2f5e31c18360ba  2010.0/x86_64/dhcp-client-4.1.2-0.4mdv2010.0.x86_64.rpm
 2cd0331b9935442a68d606e1d58b0608  2010.0/x86_64/dhcp-common-4.1.2-0.4mdv2010.0.x86_64.rpm
 80a31ea430793ce9d2269c9d31aa03bd  2010.0/x86_64/dhcp-devel-4.1.2-0.4mdv2010.0.x86_64.rpm
 d5053dc644215e70dfc5380afdbc90c4  2010.0/x86_64/dhcp-doc-4.1.2-0.4mdv2010.0.x86_64.rpm
 377fe3099561dd0a795617977164b91f  2010.0/x86_64/dhcp-relay-4.1.2-0.4mdv2010.0.x86_64.rpm
 57b98ba8696c7a7d20ab96a823f4ff0d  2010.0/x86_64/dhcp-server-4.1.2-0.4mdv2010.0.x86_64.rpm 
 265c9ec68af7e23baf8b1b6fcc4cc64f  2010.0/SRPMS/dhcp-4.1.2-0.4mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 5b603213aa47a9772cf786ae6ee046da  2010.1/i586/dhcp-client-4.1.2-0.4mdv2010.2.i586.rpm
 3046be07aaa09d1b39fcc8c07ef25e58  2010.1/i586/dhcp-common-4.1.2-0.4mdv2010.2.i586.rpm
 1b5a481f6db0b53e666884cfda6ac44c  2010.1/i586/dhcp-devel-4.1.2-0.4mdv2010.2.i586.rpm
 279beab531b59a715c946a00bd58fc48  2010.1/i586/dhcp-doc-4.1.2-0.4mdv2010.2.i586.rpm
 a328ab24b56f1ac03f8f420acd0a3806  2010.1/i586/dhcp-relay-4.1.2-0.4mdv2010.2.i586.rpm
 f7c61c55748270add2fe45d3245895c8  2010.1/i586/dhcp-server-4.1.2-0.4mdv2010.2.i586.rpm 
 30d4e8965d393765fb98b425889df126  2010.1/SRPMS/dhcp-4.1.2-0.4mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 27f78c74028b1ea64dbd596c05cfa83f  2010.1/x86_64/dhcp-client-4.1.2-0.4mdv2010.2.x86_64.rpm
 ab56614386900415fecba15f4c17db13  2010.1/x86_64/dhcp-common-4.1.2-0.4mdv2010.2.x86_64.rpm
 535a2eb4b6a4b1f78f47201e0b4249c3  2010.1/x86_64/dhcp-devel-4.1.2-0.4mdv2010.2.x86_64.rpm
 64e9bac6fe8f4dbee3e1aebd5d91e977  2010.1/x86_64/dhcp-doc-4.1.2-0.4mdv2010.2.x86_64.rpm
 612892e71f2aeddfd8b55cd7ac220247  2010.1/x86_64/dhcp-relay-4.1.2-0.4mdv2010.2.x86_64.rpm
 9bb46bca8de30ee4b99bfe09867a3924  2010.1/x86_64/dhcp-server-4.1.2-0.4mdv2010.2.x86_64.rpm 
 30d4e8965d393765fb98b425889df126  2010.1/SRPMS/dhcp-4.1.2-0.4mdv2010.2.src.rpm

 Corporate 4.0:
 f49d86732da26402b022b2d980049c03  corporate/4.0/i586/dhcp-client-4.1.2-0.4.20060mlcs4.i586.rpm
 acd985bc51c25cc42325befb357b0dcc  corporate/4.0/i586/dhcp-common-4.1.2-0.4.20060mlcs4.i586.rpm
 c01506a802e46af23c8f10a72c6a0eb2  corporate/4.0/i586/dhcp-devel-4.1.2-0.4.20060mlcs4.i586.rpm
 81522530fa5e97057d6eeea18ad7bec3  corporate/4.0/i586/dhcp-doc-4.1.2-0.4.20060mlcs4.i586.rpm
 2ebfdf7ee9224b7403c4ab5e8370d9ab  corporate/4.0/i586/dhcp-relay-4.1.2-0.4.20060mlcs4.i586.rpm
 c2bbacf8934b9e3dc78cdb49cd811ec9  corporate/4.0/i586/dhcp-server-4.1.2-0.4.20060mlcs4.i586.rpm 
 ac3031a0c5dfeb6274aa28d669e66cba  corporate/4.0/SRPMS/dhcp-4.1.2-0.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 2747bf835e111141b9a91dc320eeab43  corporate/4.0/x86_64/dhcp-client-4.1.2-0.4.20060mlcs4.x86_64.rpm
 0c998112346a5da94e09d55c996d6dff  corporate/4.0/x86_64/dhcp-common-4.1.2-0.4.20060mlcs4.x86_64.rpm
 fd38ef505da0c593ef900895abeb1ddc  corporate/4.0/x86_64/dhcp-devel-4.1.2-0.4.20060mlcs4.x86_64.rpm
 69b3d6cbf21c46828de40a322fd1310d  corporate/4.0/x86_64/dhcp-doc-4.1.2-0.4.20060mlcs4.x86_64.rpm
 c5acb788ae76e674952d656fa9b0d1a5  corporate/4.0/x86_64/dhcp-relay-4.1.2-0.4.20060mlcs4.x86_64.rpm
 e19db50139a291a7acd23491af5f8d54  corporate/4.0/x86_64/dhcp-server-4.1.2-0.4.20060mlcs4.x86_64.rpm 
 ac3031a0c5dfeb6274aa28d669e66cba  corporate/4.0/SRPMS/dhcp-4.1.2-0.4.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 7cbe686b047a6fd6f95cda44669e5862  mes5/i586/dhcp-client-4.1.2-0.4mdvmes5.2.i586.rpm
 af8b9fe15591b76c11f2257e0cb43a37  mes5/i586/dhcp-common-4.1.2-0.4mdvmes5.2.i586.rpm
 2a22a53e6de1a9333c36c5cc250c5ac4  mes5/i586/dhcp-devel-4.1.2-0.4mdvmes5.2.i586.rpm
 9ca551145fc79919000a61419e72de37  mes5/i586/dhcp-doc-4.1.2-0.4mdvmes5.2.i586.rpm
 e9faa5fae712882720b107eb02e51f1f  mes5/i586/dhcp-relay-4.1.2-0.4mdvmes5.2.i586.rpm
 8568f3bac9dd6654b63ebee94c33275e  mes5/i586/dhcp-server-4.1.2-0.4mdvmes5.2.i586.rpm 
 0e5415cf40dde2931cd1b81aada5e7f7  mes5/SRPMS/dhcp-4.1.2-0.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 87ae497e9b94fb842718b4fbefb55474  mes5/x86_64/dhcp-client-4.1.2-0.4mdvmes5.2.x86_64.rpm
 71d70558972e1f0729513fce69183de2  mes5/x86_64/dhcp-common-4.1.2-0.4mdvmes5.2.x86_64.rpm
 0f12150d87816bd1770388d8dc309d21  mes5/x86_64/dhcp-devel-4.1.2-0.4mdvmes5.2.x86_64.rpm
 0450f2a86dab4988d1c96a8e9747104f  mes5/x86_64/dhcp-doc-4.1.2-0.4mdvmes5.2.x86_64.rpm
 6a043f417310b6229e8fb8d967c12a8d  mes5/x86_64/dhcp-relay-4.1.2-0.4mdvmes5.2.x86_64.rpm
 e4281f48c410412f60fd33f095b9199c  mes5/x86_64/dhcp-server-4.1.2-0.4mdvmes5.2.x86_64.rpm 
 0e5415cf40dde2931cd1b81aada5e7f7  mes5/SRPMS/dhcp-4.1.2-0.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNotZnmqjQ0CJFipgRAsarAJ4zitKb2D4e53sOLX4vqvuPs5tLCACffyPE
Y8Ya7GFbhILVKuKTG+Ps+3k=
=EXBX
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ