Security: Two problems in dhcp
Name: Two problems in dhcp
ID: FEDORA-2011-0848
Distribution: Fedora
Platforms: Fedora 13
Date: Tue, 19 April 2011, 08:51
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0997
Applications: ISC DHCP

Original message
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0848
2011-01-28 18:50:18
--------------------------------------------------------------------------------

Name        : dhcp
Product     : Fedora 13
Version     : 4.1.2
Release     : 4.ESV.R2.fc13
URL         : http://isc.org/products/DHCP/
Summary     : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows individual devices on an IP network to get their own network configuration information (IP address, subnetmask, broadcast address, etc.) from a DHCP server. The overall purpose of DHCP is to make it easier to administer a large network. The dhcp package includes the ISC DHCP service and relay agent.
To use DHCP on your network, install a DHCP service (or relay agent), and on clients run a DHCP client daemon. The dhcp package provides the ISC DHCP service and relay agent.

--------------------------------------------------------------------------------
Update Information:

This is a SECURITY release of ISC DHCP, which fixes two security related bugs:
CVE-2011-0413: DHCPv6 server
CVE-2011-0997: dhclient
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 6 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.2-4.ESV.R2
- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
* Wed Apr 6 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.2-3.ESV.R2
- 4.1-ESV-R2: fix for CVE-2011-0997 (#694005)
* Thu Jan 27 2011 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.2-2.ESV.R1
- 4.1-ESV-R1: fix for CVE-2011-0413 (#672996)
* Thu Nov 4 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.2-1.ESV
- 4.1-ESV, extended support release.
- We need to be able to upgrade from 4.1.1 so I called it 4.1.2-ESV, because it's actually 4.1.2 with small number of bug fixes.
- No longer need: invalid-dhclient-conf.patch, release6-elapsed.patch, parse_date.patch, CVE-2010-3611.patch
* Thu Nov 4 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-27.P1
- Fix for CVE-2010-3611 (#649880)
* Wed Oct 13 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-26.P1
- Server was ignoring client's Solicit (where client included address/prefix as a preference) (#634842)
* Tue Sep 7 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-25.P1
- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
* Fri Aug 20 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-24.P1
- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay
* Tue Jun 29 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-23.P1
- Fix parsing of date (#514828)
* Thu Jun 3 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-22.P1
- 4.1.1-P1 (pair of bug fixes including one for a security related bug).
- Fix for CVE-2010-2156 (#601405)
- Compile with -fno-strict-aliasing
- N-V-R (copied from bind.spec): Name-Version-Release.Patch.dist
* Mon May 3 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-21
- Fix the initialization-delay.patch (#587070)
* Thu Apr 29 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-20
- Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070)
* Wed Apr 28 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-19
- Move /etc/NetworkManager/dispatcher.d/10-dhclient script from dhcp to dhclient subpackage (#586999).
* Wed Apr 28 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-18
- Add domain-search to the list of default requested DHCP options (#586906)
* Wed Apr 21 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-17
- If the Reply was received in response to Renew or Rebind message, client adds any new addresses in the IA option to the IA (#578097)
* Mon Apr 19 2010 Jiri Popelka <jpopelka@redhat.com> - 12:4.1.1-16
- Fill in Elapsed Time Option in Release/Decline messages (#582939)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672755 - CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6 decline message
        https://bugzilla.redhat.com/show_bug.cgi?id=672755
  [ 2 ] Bug #689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values
        https://bugzilla.redhat.com/show_bug.cgi?id=689832
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce