exploitDog

SUSE-SU-2018:0812-1

Published: 26 Mar 2018
Source: suse-cvrf

Description

Security update for dhcp

This update for dhcp fixes the following issues:

Security issues fixed:

  • CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303).
  • CVE-2018-5732: buffer overflow in dhclient (bsc#1083302).

Package list

SUSE Linux Enterprise Desktop 12 SP2
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP3
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
SUSE Linux Enterprise Server 12 SP2
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
dhcp-relay-4.3.3-10.14.1
dhcp-server-4.3.3-10.14.1
SUSE Linux Enterprise Server 12 SP3
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
dhcp-relay-4.3.3-10.14.1
dhcp-server-4.3.3-10.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
dhcp-relay-4.3.3-10.14.1
dhcp-server-4.3.3-10.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
dhcp-relay-4.3.3-10.14.1
dhcp-server-4.3.3-10.14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
dhcp-4.3.3-10.14.1
dhcp-client-4.3.3-10.14.1
dhcp-relay-4.3.3-10.14.1
dhcp-server-4.3.3-10.14.1
SUSE Linux Enterprise Software Development Kit 12 SP2
dhcp-devel-4.3.3-10.14.1
SUSE Linux Enterprise Software Development Kit 12 SP3
dhcp-devel-4.3.3-10.14.1

Description

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP2:dhcp-client-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP3:dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP3:dhcp-client-4.3.3-10.14.1

References

Description

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP2:dhcp-client-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP3:dhcp-4.3.3-10.14.1
SUSE Linux Enterprise Desktop 12 SP3:dhcp-client-4.3.3-10.14.1

References