   openSUSE Security Update: dhcp: Fixed two denial of service flaws and some bugs
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2011:1021-1
Rating:             moderate
References:         #700771 #711420 #712438 #712653 #714004
Cross-References:   CVE-2011-2748 CVE-2011-2749
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has three
   fixes is now available. It includes two new package versions.

Description:

   This update of dhcp fixes two Denial of Service
   vulnerabilities (CVE-2011-2748, CVE-2011-2749) caused by
   specially crafted BOOTP packets.

   The following bugs were also fixed:

   - Moved the server pid files into the chroot directory even
     if chroot is not used, and created a link in /var/run, so
     that the server can write one when started as a user
     without chroot and to avoid stop problems when the chroot
     sysconfig setting has changed (bnc#712438).
   - Fixed dhclient-script to not remove the alias IP when it
     has not changed, so that the iptables connmark is not
     wiped out when renewing the lease (bnc#700771). Thanks to
     James Carter for the patch.
   - Removed GPL licensed files (bind-*/contrib/dbus) from
     bind.tgz to ensure they are not used to build the non-GPL
     dhcp.
   - Disabled log-info level messages in dhclient(6) quiet
     mode to avoid excessive logging of non-critical messages
     (bnc#711420).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch dhcp-5081

   - openSUSE 11.3:

      zypper in -t patch dhcp-5081

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64) [New Version: 4.2.1]:

      dhcp-4.2.1-0.9.1
      dhcp-client-4.2.1-0.9.1
      dhcp-devel-4.2.1-0.9.1
      dhcp-doc-4.2.1-0.9.1
      dhcp-relay-4.2.1-0.9.1
      dhcp-server-4.2.1-0.9.1

   - openSUSE 11.3 (i586 x86_64) [New Version: 4.1.2.ESV.1]:

      dhcp-4.1.2.ESV.1-0.10.1
      dhcp-client-4.1.2.ESV.1-0.10.1
      dhcp-devel-4.1.2.ESV.1-0.10.1
      dhcp-doc-4.1.2.ESV.1-0.10.1
      dhcp-relay-4.1.2.ESV.1-0.10.1
      dhcp-server-4.1.2.ESV.1-0.10.1

References:

   http://support.novell.com/security/cve/CVE-2011-2748.html
   http://support.novell.com/security/cve/CVE-2011-2749.html
   https://bugzilla.novell.com/700771
   https://bugzilla.novell.com/711420
   https://bugzilla.novell.com/712438
   https://bugzilla.novell.com/712653
   https://bugzilla.novell.com/714004