
rPath alert rPSA-2009-0041-1 (dhclient)

From:  rPath Update Announcements <announce-noreply@rpath.com>
To:  security-announce@lists.rpath.com, update-announce@lists.rpath.com, security-announce@lists.rpath.com, update-announce@lists.rpath.com
Subject:  rPSA-2009-0041-1 dhclient dhcp libdhcp4client
Date:  Thu, 12 Mar 2009 19:02:09 -0400
Message-ID:  <49b99471.flEMnfTgziymwpYl%announce-noreply@rpath.com>
Cc:  full-disclosure@lists.grok.org.uk, vulnwatch@vulnwatch.org, bugtraq@securityfocus.com, lwn@lwn.net, full-disclosure@lists.grok.org.uk, vulnwatch@vulnwatch.org, bugtraq@securityfocus.com, lwn@lwn.net

rPath Security Advisory: 2009-0041-1
Published: 2009-03-12
Products:
    rPath Linux 1
    rPath Linux 2

Rating: Critical
Exposure Level Classification:
    Remote Root Deterministic Denial of Service
Updated Versions:
    dhclient=conary.rpath.com@rpl:1/3.0.7-0.4-1
    dhclient=conary.rpath.com@rpl:2/3.1.2-0.2-1
    dhcp=conary.rpath.com@rpl:1/3.0.7-0.4-1
    dhcp=conary.rpath.com@rpl:2/3.1.2-0.2-1
    libdhcp4client=conary.rpath.com@rpl:2/3.1.2-0.2-1

rPath Issue Tracking System:
    https://issues.rpath.com/browse/RPL-2987

References:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0062

Description:
    Previous versions of the ISC DHCP server were vulnerable to denial
    of service or arbitrary code execution attacks via malformed DHCP
    packets with a large dhcp-max-message-size that trigger a stack-based
    buffer overflow. Note that rPath Linux 2 is susceptible only to a
    Denial of Service in this case, due to the stack protector feature
    enabled as part of rPath Linux 2.

http://wiki.rpath.com/Advisories:rPSA-2009-0041

Copyright 2009 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

-----------------------------------------
The information in this message may be proprietary and/or confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify First Data immediately by replying to this message and deleting it from your computer.

