[Full-disclosure] [ MDVSA-2010:114 ] dhcp




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:114
http://www.mandriva.com/security/
_______________________________________________________________________

Package : dhcp
Date : June 11, 2010
Affected: 2009.1, 2010.0
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in dhcp:

ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote
attackers to cause a denial of service (server exit) via a zero-length
client ID (CVE-2010-2156).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.1:
ca0e18771bae325324d45f8c881957b4 2009.1/i586/dhcp-client-4.1.0-5.6mdv2009.1.i586.rpm
d2821b6d3c4b9a2d885d91a80d885f5e 2009.1/i586/dhcp-common-4.1.0-5.6mdv2009.1.i586.rpm
be0312249bd3d4aa6abe3e7bba250ffd 2009.1/i586/dhcp-devel-4.1.0-5.6mdv2009.1.i586.rpm
56ef4ebe348a6c029dd31a04405c0be9 2009.1/i586/dhcp-doc-4.1.0-5.6mdv2009.1.i586.rpm
c397f3ded9ec7ff7c4c6fb0f05694aaf 2009.1/i586/dhcp-relay-4.1.0-5.6mdv2009.1.i586.rpm
c348f093fbe6fd618493315bb21ee0e4 2009.1/i586/dhcp-server-4.1.0-5.6mdv2009.1.i586.rpm
b37e34eebb02721497899b73f2091fa4 2009.1/SRPMS/dhcp-4.1.0-5.6mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64:
dd463d2c5d4bb3866f65faac52b86825 2009.1/x86_64/dhcp-client-4.1.0-5.6mdv2009.1.x86_64.rpm
b4ab08a52f677d9154197361bb3beb71 2009.1/x86_64/dhcp-common-4.1.0-5.6mdv2009.1.x86_64.rpm
465ccd781073d4acd1820dfbe354d2c5 2009.1/x86_64/dhcp-devel-4.1.0-5.6mdv2009.1.x86_64.rpm
9479f7bb5755991cba4fe42a5762929f 2009.1/x86_64/dhcp-doc-4.1.0-5.6mdv2009.1.x86_64.rpm
4f07bb126d71a42bd4605817a6342e0f 2009.1/x86_64/dhcp-relay-4.1.0-5.6mdv2009.1.x86_64.rpm
17ac7274866aba46a64f39193516d527 2009.1/x86_64/dhcp-server-4.1.0-5.6mdv2009.1.x86_64.rpm
b37e34eebb02721497899b73f2091fa4 2009.1/SRPMS/dhcp-4.1.0-5.6mdv2009.1.src.rpm

Mandriva Linux 2010.0:
28f36037b4f4175aac2aa8c54db0230c 2010.0/i586/dhcp-client-4.1.0p1-2.4mdv2010.0.i586.rpm
d5926e37a24c74a6f23aeb33f3311fd4 2010.0/i586/dhcp-common-4.1.0p1-2.4mdv2010.0.i586.rpm
e763e2e523dcdc07499c3617bccf3377 2010.0/i586/dhcp-devel-4.1.0p1-2.4mdv2010.0.i586.rpm
7454f1929d461ae1473e5f083c906be9 2010.0/i586/dhcp-doc-4.1.0p1-2.4mdv2010.0.i586.rpm
1a9d158430198c933bbc6f3a4a9c3fbe 2010.0/i586/dhcp-relay-4.1.0p1-2.4mdv2010.0.i586.rpm
59c94ecf403cf53a5f25a88377977409 2010.0/i586/dhcp-server-4.1.0p1-2.4mdv2010.0.i586.rpm
4406b97779a93db5e62609e8a847af2d 2010.0/SRPMS/dhcp-4.1.0p1-2.4mdv2010.0.src.rpm

Mandriva Linux 2010.0/X86_64:
8eb8a46bdc51c5d8ef6b1f080d371dbb 2010.0/x86_64/dhcp-client-4.1.0p1-2.4mdv2010.0.x86_64.rpm
2fb5ca5e007b7b70bbaabf29a50a68f6 2010.0/x86_64/dhcp-common-4.1.0p1-2.4mdv2010.0.x86_64.rpm
f808f1b130b73880aa2692f01e6d63d9 2010.0/x86_64/dhcp-devel-4.1.0p1-2.4mdv2010.0.x86_64.rpm
c892404112bf109541ddfd22d0a904db 2010.0/x86_64/dhcp-doc-4.1.0p1-2.4mdv2010.0.x86_64.rpm
6a11b5dd6f0b764bd8bea7287c72b27d 2010.0/x86_64/dhcp-relay-4.1.0p1-2.4mdv2010.0.x86_64.rpm
b9fd585ed151638c822610c474c288bb 2010.0/x86_64/dhcp-server-4.1.0p1-2.4mdv2010.0.x86_64.rpm
4406b97779a93db5e62609e8a847af2d 2010.0/SRPMS/dhcp-4.1.0p1-2.4mdv2010.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMEgRYmqjQ0CJFipgRAtKfAJ49Y82PyYgsJdrlkNTJbyha4rH0QwCdHgxB
GaSAf/bABHAXQ3UVRzkx8o0=
=bg0v
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
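
An added example, not part of the Mandriva advisory or of ISC DHCP: a defensive check that parses the options of a captured DHCPv4 payload and flags the zero-length client ID condition the advisory describes. It assumes the client ID is DHCP option 61 (RFC 2132) and that options sit only in the main options field (no option 52 overload); the function names and sample bytes are constructed for illustration.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131 marker preceding the options field
BOOTP_HEADER_LEN = 236               # fixed BOOTP fields before the cookie
OPT_PAD, OPT_CLIENT_ID, OPT_END = 0, 61, 255


def iter_options(payload: bytes):
    """Yield (code, value) for each option in a DHCPv4 UDP payload."""
    start = BOOTP_HEADER_LEN + len(MAGIC_COOKIE)
    if len(payload) < start or payload[BOOTP_HEADER_LEN:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    i = start
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            return
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("option truncated before length byte")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option value truncated")
        yield code, value
        i += 2 + length


def has_zero_length_client_id(payload: bytes) -> bool:
    """True if any client identifier option (61) carries no data."""
    return any(code == OPT_CLIENT_ID and len(value) == 0
               for code, value in iter_options(payload))


def build_sample(client_id_option: bytes) -> bytes:
    """Constructed parser input: header fields zeroed, so not a valid client message."""
    msg_type = bytes([53, 1, 1])     # option 53 (message type) = 1 (DISCOVER)
    return (bytes(BOOTP_HEADER_LEN) + MAGIC_COOKIE + msg_type
            + client_id_option + bytes([OPT_END]))


# Constructed samples: a 7-byte client ID (type 1 + MAC) and an empty one.
NORMAL = build_sample(bytes([61, 7, 1]) + bytes.fromhex("020000000001"))
EMPTY_ID = build_sample(bytes([61, 0]))

if __name__ == "__main__":
    for name, pkt in (("normal", NORMAL), ("empty client id", EMPTY_ID)):
        print(name, has_zero_length_client_id(pkt))
```

The same length test can be applied to UDP port 67 payloads taken from a packet capture to see whether such requests reached a server that has not yet been updated.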


