Mailinglist Archive: opensuse-updates (37 mails)

openSUSE-SU-2011:1021-1: moderate: dhcp: Fixed two denial of service flaws and some bugs
openSUSE Security Update: dhcp: Fixed two denial of service flaws and some
bugs
______________________________________________________________________________

Announcement ID: openSUSE-SU-2011:1021-1
Rating: moderate
References: #700771 #711420 #712438 #712653 #714004
Cross-References: CVE-2011-2748 CVE-2011-2749
Affected Products:
openSUSE 11.4
openSUSE 11.3
______________________________________________________________________________

An update that solves two vulnerabilities and has three
fixes is now available. It includes two new package
versions.

Description:

This update of dhcp fixes two denial-of-service
vulnerabilities (CVE-2011-2748, CVE-2011-2749) caused by
specially crafted BOOTP packets.

The following bugs were also fixed:
- Moved the server pid files into the chroot directory even
when chroot is not used, and created a link in /var/run, so
that the server can write a pid file when started as a user
without chroot, and to avoid stop problems when the chroot
sysconfig setting has changed (bnc#712438).
- Fixed dhclient-script to not remove the alias IP when it
has not changed, so that the iptables connmark is not wiped
out when renewing the lease (bnc#700771). Thanks to James
Carter for the patch.
- Removed GPL-licensed files (bind-*/contrib/dbus) from
bind.tgz to ensure they are not used to build the non-GPL
dhcp.
- Disabled log-info level messages in dhclient(6) quiet
mode to avoid excessive logging of non-critical messages
(bnc#711420).


Patch Instructions:

To install this openSUSE Security Update, use YaST online_update.
Alternatively, you can run the command listed for your product:

- openSUSE 11.4:

zypper in -t patch dhcp-5081

- openSUSE 11.3:

zypper in -t patch dhcp-5081

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.4 (i586 x86_64) [New Version: 4.2.1]:

dhcp-4.2.1-0.9.1
dhcp-client-4.2.1-0.9.1
dhcp-devel-4.2.1-0.9.1
dhcp-doc-4.2.1-0.9.1
dhcp-relay-4.2.1-0.9.1
dhcp-server-4.2.1-0.9.1

- openSUSE 11.3 (i586 x86_64) [New Version: 4.1.2.ESV.1]:

dhcp-4.1.2.ESV.1-0.10.1
dhcp-client-4.1.2.ESV.1-0.10.1
dhcp-devel-4.1.2.ESV.1-0.10.1
dhcp-doc-4.1.2.ESV.1-0.10.1
dhcp-relay-4.1.2.ESV.1-0.10.1
dhcp-server-4.1.2.ESV.1-0.10.1


References:

http://support.novell.com/security/cve/CVE-2011-2748.html
http://support.novell.com/security/cve/CVE-2011-2749.html
https://bugzilla.novell.com/700771
https://bugzilla.novell.com/711420
https://bugzilla.novell.com/712438
https://bugzilla.novell.com/712653
https://bugzilla.novell.com/714004

