Описание
Security update for dhcp
This update for dhcp fixes the following issues:
- CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used by network adjacent attackers to make the DHCP server non-functional (bsc#969820).
Список пакетов
SUSE Linux Enterprise Desktop 12
dhcp-4.2.6-14.6.1
dhcp-client-4.2.6-14.6.1
SUSE Linux Enterprise Server 12
dhcp-4.2.6-14.6.1
dhcp-client-4.2.6-14.6.1
dhcp-relay-4.2.6-14.6.1
dhcp-server-4.2.6-14.6.1
SUSE Linux Enterprise Server for SAP Applications 12
dhcp-4.2.6-14.6.1
dhcp-client-4.2.6-14.6.1
dhcp-relay-4.2.6-14.6.1
dhcp-server-4.2.6-14.6.1
SUSE Linux Enterprise Software Development Kit 12
dhcp-devel-4.2.6-14.6.1
Ссылки
- Link for SUSE-SU-2016:1692-1
- E-Mail link for SUSE-SU-2016:1692-1
- SUSE Security Ratings
- SUSE Bug 969820
- SUSE CVE CVE-2016-2774 page
Описание
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:dhcp-4.2.6-14.6.1
SUSE Linux Enterprise Desktop 12:dhcp-client-4.2.6-14.6.1
SUSE Linux Enterprise Server 12:dhcp-4.2.6-14.6.1
SUSE Linux Enterprise Server 12:dhcp-client-4.2.6-14.6.1
Ссылки
- CVE-2016-2774
- SUSE Bug 969820