Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#57689 - [dhcp] Multiple vulnerabilities
Attached to Project:
Arch Linux
Opened by Karol Babioch (kbabioch) - Thursday, 01 March 2018, 11:17 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 01 March 2018, 15:42 GMT
Details
https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html

- A delayed-ack value of 0 (the default), now correctly disables the delayed feature. A change in 4.4.0 prohibited lease updates marking leases active from being written to the lease file when delayed-ack is 0. This in turn, caused servers to lose active lease assignments upon restart.
  [ISC-Bugs #47141]

! Option reference count was not correctly decremented in error path when parsing buffer for options. Reported by Felix Wilhelm, Google Security Team.
  [ISC-Bugs #47140]
  CVE: CVE-2018-5733

! Corrected an issue where large sized 'X/x' format options were causing option handling logic to overwrite memory when expanding them to human readable form. Reported by Felix Wilhelm, Google Security Team.
  [ISC-Bugs #47139]
  CVE: CVE-2018-5732
Closed by Doug Newgard (Scimmia)
Thursday, 01 March 2018, 15:42 GMT
Reason for closing: Fixed
Additional comments about closing: dhcp 4.4.1-1