[SECURITY] Fedora 14 Update: dhcp-4.2.0-19.P2.fc14

updates at fedoraproject.org updates at fedoraproject.org
Tue Feb 1 20:56:46 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0862
2011-01-28 18:50:50
--------------------------------------------------------------------------------

Name        : dhcp
Product     : Fedora 14
Version     : 4.2.0
Release     : 19.P2.fc14
URL         : http://isc.org/products/DHCP/
Summary     : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network.  The dhcp package includes the
ISC DHCP service and relay agent.

To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon.  The dhcp package provides
the ISC DHCP service and relay agent.

--------------------------------------------------------------------------------
Update Information:

A flaw was discovered in the way the dhcpd daemon processed a message for an address that had been previously declined and internally tagged as abandoned. Processing such a message could trigger an assert failure that could crash dhcpd if it was running as a DHCPv6 server. DHCPv4 servers are unaffected. (CVE-2011-0413)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 27 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-19.P2
- CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672996)
* Thu Jan 13 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-18.P2
- Fix loading of configuration when LDAP is used (#668276)
* Mon Jan  3 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-17.P2
- Fix OMAPI (#666441)
* Mon Dec 13 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-16.P2
- 4.2.0-P2: fix for CVE-2010-3616 (#662326)
- Use upstream fix for #628258
* Tue Nov  9 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-15.P1
- Applied Patrik Lahti's patch for DHCPv6 over PPP support (#626514)
* Fri Nov  5 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-14.P1
- fix broken dependencies
* Thu Nov  4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-13.P1
- 4.2.0-P1: fix for CVE-2010-3611 (#649880)
- dhclient-script: when updating 'search' statement in resolv.conf,
  add domain part of hostname if it's not already there (#637763)
* Wed Oct 13 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-12
- Server was ignoring client's
  Solicit (where client included address/prefix as a preference) (#634842)
* Thu Oct  7 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-11
- Use ping instead of arping in dhclient-script to handle
  not-on-local-net gateway in ARP-less device (#524298)
* Thu Oct  7 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-10
- Check whether there is any unexpired address in previous lease
  prior to confirming (INIT-REBOOT) the lease (#585418)
* Mon Oct  4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-9
- RFC 3442 - ignore Router option only if
  Classless Static Routes option contains default router
* Thu Sep 30 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-8
- Explicitly clear the ARP cache and flush all addresses & routes
  instead of bringing the interface down (#574568)
* Tue Sep  7 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.2.0-7
- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672755 - CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6 decline message
        https://bugzilla.redhat.com/show_bug.cgi?id=672755
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list