[SECURITY] Fedora 13 Update: dhcp-4.1.2-4.ESV.R2.fc13

updates at fedoraproject.org updates at fedoraproject.org
Mon Apr 18 21:21:43 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0848
2011-01-28 18:50:18
--------------------------------------------------------------------------------

Name        : dhcp
Product     : Fedora 13
Version     : 4.1.2
Release     : 4.ESV.R2.fc13
URL         : http://isc.org/products/DHCP/
Summary     : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network.  The dhcp package includes the
ISC DHCP service and relay agent.

To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon.  The dhcp package provides
the ISC DHCP service and relay agent.

--------------------------------------------------------------------------------
Update Information:

This is a SECURITY release of ISC DHCP, which fixes two security related bugs:
CVE-2011-0413: DHCPv6 server
CVE-2011-0997: dhclient
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  6 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.2-4.ESV.R2
- Better fix for CVE-2011-0997: making domain-name check more lenient (#694005)
* Wed Apr  6 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.2-3.ESV.R2
- 4.1-ESV-R2: fix for CVE-2011-0997 (#694005)
* Thu Jan 27 2011 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.2-2.ESV.R1
- 4.1-ESV-R1: fix for CVE-2011-0413 (#672996)
* Thu Nov  4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.2-1.ESV
- 4.1-ESV, extended support release.
- We need to be able to upgrade from 4.1.1 so I called it 4.1.2-ESV,
  because it's actually 4.1.2 with small number of bug fixes.
- No longer need: invalid-dhclient-conf.patch, release6-elapsed.patch,
                  parse_date.patch, CVE-2010-3611.patch
* Thu Nov  4 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-27.P1
- Fix for CVE-2010-3611 (#649880)
* Wed Oct 13 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-26.P1
- Server was ignoring client's
  Solicit (where client included address/prefix as a preference) (#634842)
* Tue Sep  7 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-25.P1
- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
* Fri Aug 20 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-24.P1
- Add DHCRELAYARGS variable to /etc/sysconfig/dhcrelay
* Tue Jun 29 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-23.P1
- Fix parsing of date (#514828)
* Thu Jun  3 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-22.P1
- 4.1.1-P1 (pair of bug fixes including one for a security related bug).
- Fix for CVE-2010-2156 (#601405)
- Compile with -fno-strict-aliasing
- N-V-R (copied from bind.spec): Name-Version-Release.Patch.dist
* Mon May  3 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-21
- Fix the initialization-delay.patch (#587070)
* Thu Apr 29 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-20
- Cut down the 0-4 second delay before sending first DHCPDISCOVER (#587070)
* Wed Apr 28 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-19
- Move /etc/NetworkManager/dispatcher.d/10-dhclient script
  from dhcp to dhclient subpackage (#586999).
* Wed Apr 28 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-18
- Add domain-search to the list of default requested DHCP options (#586906)
* Wed Apr 21 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-17
- If the Reply was received in response to Renew or Rebind message,
  client adds any new addresses in the IA option to the IA (#578097)
* Mon Apr 19 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.1-16
- Fill in Elapsed Time Option in Release/Decline messages (#582939)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672755 - CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6 decline message
        https://bugzilla.redhat.com/show_bug.cgi?id=672755
  [ 2 ] Bug #689832 - CVE-2011-0997 dhclient: insufficient sanitization of certain DHCP response values
        https://bugzilla.redhat.com/show_bug.cgi?id=689832
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list