exploitDog

openSUSE-SU-2018:0827-1

Published: 27 Mar. 2018
Source: suse-cvrf

Description

Security update for dhcp

This update for dhcp fixes the following issues:

Security issues fixed:

  • CVE-2018-5733: reference count overflow in dhcpd (bsc#1083303).
  • CVE-2018-5732: buffer overflow in dhclient (bsc#1083302).

This update was imported from the SUSE:SLE-12-SP1:Update update project.

Package list

openSUSE Leap 42.3
dhcp-4.3.3-11.6.1
dhcp-client-4.3.3-11.6.1
dhcp-devel-4.3.3-11.6.1
dhcp-doc-4.3.3-11.6.1
dhcp-relay-4.3.3-11.6.1
dhcp-server-4.3.3-11.6.1

Description

Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.


Affected products
openSUSE Leap 42.3:dhcp-4.3.3-11.6.1
openSUSE Leap 42.3:dhcp-client-4.3.3-11.6.1
openSUSE Leap 42.3:dhcp-devel-4.3.3-11.6.1
openSUSE Leap 42.3:dhcp-doc-4.3.3-11.6.1

References

Description

A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.


Affected products
openSUSE Leap 42.3:dhcp-4.3.3-11.6.1
openSUSE Leap 42.3:dhcp-client-4.3.3-11.6.1
openSUSE Leap 42.3:dhcp-devel-4.3.3-11.6.1
openSUSE Leap 42.3:dhcp-doc-4.3.3-11.6.1

References