Hello community, here is the log from the commit of package dhcp for openSUSE:Factory checked in at Thu Feb 3 01:38:01 CET 2011. -------- --- dhcp/dhcp.changes 2010-12-13 09:59:06.000000000 +0100 +++ /mounts/work_src_done/STABLE/dhcp/dhcp.changes 2011-02-02 10:12:36.000000000 +0100 @@ -1,0 +2,7 @@ +Wed Feb 2 09:12:11 UTC 2011 - mt@suse.de + +- Applied security fix for unexpected abort caused by a DHCPv6 + decline message (CVE-2011-0413, VU#686084, bnc#667655). +- Fixed dhclient.conf to request the domain-search option. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcp.spec ++++++ --- /var/tmp/diff_new_pack.N1egAQ/_old 2011-02-03 01:37:30.000000000 +0100 +++ /var/tmp/diff_new_pack.N1egAQ/_new 2011-02-03 01:37:30.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package dhcp (Version 4.2.0.P2) +# spec file for package dhcp # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -36,7 +36,7 @@ Group: Productivity/Networking/Boot/Servers AutoReqProv: on Version: 4.2.0.P2 -Release: 1 +Release: 2 Summary: Common Files Used by ISC DHCP Software Url: http://www.isc.org/software/dhcp Source0: dhcp-%{isc_version}.tar.bz2 @@ -83,6 +83,7 @@ Patch40: dhcp-4.1.1-P1-lpf-bind-msg-fix.diff Patch41: dhcp-4.1.1-P1-relay-no-ip-on-interface.diff Patch42: dhcp-4.1.1-P1-optional-value-infinite-loop.diff +Patch43: dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -208,6 +209,7 @@ %patch40 -p1 %patch41 -p1 %patch42 -p1 +%patch43 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* ++++++ dhclient.conf ++++++ --- /var/tmp/diff_new_pack.N1egAQ/_old 2011-02-03 01:37:31.000000000 +0100 +++ /var/tmp/diff_new_pack.N1egAQ/_new 2011-02-03 01:37:31.000000000 +0100 @@ -35,7 +35,7 @@ # Request several well known/usefull dhcp options. request subnet-mask, broadcast-address, routers, rfc3442-classless-static-routes, - interface-mtu, host-name, domain-name, + interface-mtu, host-name, domain-name, domain-search, domain-name-servers, nis-domain, nis-servers, nds-context, nds-servers, nds-tree-name, netbios-name-servers, netbios-dd-server, ++++++ dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff ++++++
From ef8d97cd543d87135b3aae2d778a6f91cb800498 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Wed, 2 Feb 2011 09:18:39 +0100
Subject: [PATCH] Unexpected abort caused by a DHCPv6 decline

Security fix (CVE-2011-0413, VU#686084, bnc#667655) extracted from
dhcp-4.2.1b1 sources; description from dhcp-4.2.1b1/RELNOTES:
! When processing a request in the DHCPv6 server code that specifies
an address that is tagged as abandoned (meaning we received a
decline request for it previously) don't attempt to move it from
the inactive to active pool as doing so can result in the server
crashing on an assert failure. Also retag the lease as active
and reset its timeout value.
[ISC-Bugs #21921]
Signed-off-by: Marius Tomaschewski
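
Review bot: the dhcp.changes entry describes the security fix only as an "unexpected abort caused by a DHCPv6 decline message" and does not name the affected component, while the RELNOTES text quoted in the patch header places the defect in the DHCPv6 server code. Suggest wording the entry so that it says the DHCPv6 server aborts, which lets administrators see from the changelog alone that server installations are the ones that need the update.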
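
Review bot: in the dhclient.conf hunk, adding domain-search to the request statement (the `interface-mtu, host-name, domain-name, domain-search,` line) makes the client ask for a server-supplied search list, but the files in this commit (dhcp.changes, dhcp.spec, dhclient.conf and the new CVE diff) show no change to whatever consumes that option. The value comes from whichever DHCP server answers, so please confirm that the names are validated before they reach the resolver configuration, and note the bug reference for this change in the changelog as was done for the security fix. The "usefull" typo in the comment above the request statement could be corrected in the same edit.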