openSUSE Security Update: dhcp: Fixed two denial of service flaws and some bugs
______________________________________________________________________________
Announcement ID:    openSUSE-SU-2011:1021-1
Rating:             moderate
References:         #700771 #711420 #712438 #712653 #714004
Cross-References:   CVE-2011-2748 CVE-2011-2749
Affected Products:
                    openSUSE 11.4
                    openSUSE 11.3
______________________________________________________________________________
An update that solves two vulnerabilities and has three fixes is now available. It includes two new package versions.
Description:
This update of dhcp fixes two denial-of-service vulnerabilities (CVE-2011-2748, CVE-2011-2749) caused by specially crafted BOOTP packets.
The following bugs were also fixed:
- Moved the server pid files into the chroot directory even when chroot is not used, and created a link in /var/run, so that the server can write a pid file when started as a user without chroot, and to avoid stop problems when the chroot sysconfig setting is changed (bnc#712438).
- Fixed dhclient-script to not remove the alias IP when it has not changed, so that the iptables connmark is not wiped out when renewing the lease (bnc#700771). Thanks to James Carter for the patch.
- Removed GPL-licensed files (bind-*/contrib/dbus) from bind.tgz to ensure they are not used to build the non-GPL dhcp.
- Disabled log-info level messages in dhclient(6) quiet mode to avoid excessive logging of non-critical messages (bnc#711420).
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 11.4:
zypper in -t patch dhcp-5081
- openSUSE 11.3:
zypper in -t patch dhcp-5081
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 11.4 (i586 x86_64) [New Version: 4.2.1]:
     dhcp-4.2.1-0.9.1
     dhcp-client-4.2.1-0.9.1
     dhcp-devel-4.2.1-0.9.1
     dhcp-doc-4.2.1-0.9.1
     dhcp-relay-4.2.1-0.9.1
     dhcp-server-4.2.1-0.9.1
- openSUSE 11.3 (i586 x86_64) [New Version: 4.1.2.ESV.1]:
     dhcp-4.1.2.ESV.1-0.10.1
     dhcp-client-4.1.2.ESV.1-0.10.1
     dhcp-devel-4.1.2.ESV.1-0.10.1
     dhcp-doc-4.1.2.ESV.1-0.10.1
     dhcp-relay-4.1.2.ESV.1-0.10.1
     dhcp-server-4.1.2.ESV.1-0.10.1
References:
   http://support.novell.com/security/cve/CVE-2011-2748.html
   http://support.novell.com/security/cve/CVE-2011-2749.html
   https://bugzilla.novell.com/700771
   https://bugzilla.novell.com/711420
   https://bugzilla.novell.com/712438
   https://bugzilla.novell.com/712653
   https://bugzilla.novell.com/714004