Message-Id: <E1Qu3FN-0001iv-2w@titan.mandriva.com>
Date: Thu, 18 Aug 2011 16:07:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:128 ] dhcp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:128
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : August 18, 2011
 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been discovered and corrected in dhcp:
 
 The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers
 to cause a denial of service (daemon exit) via a crafted DHCP packet
 (CVE-2011-2748).
 
 The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to
 cause a denial of service (daemon exit) via a crafted BOOTP packet
 (CVE-2011-2749).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2748
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2749
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFOTOxVmqjQ0CJFipgRAorWAKC6Rug8CkLGlW9N7D0OkQEwDouL6ACgqTSk
CwIiGt7snxBd0tSPM7xcP9U=
=crBj
-----END PGP SIGNATURE-----
