openSUSE Security Update: dhcp ______________________________________________________________________________ Announcement ID: openSUSE-SU-2012:1254-1 Rating: moderate References: #780167 Cross-References: CVE-2012-3955 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: - Update to ISC dhcp-4.2.4-P2 release, providing a security fix for an issue with the use of lease times was found and fixed. Making certain changes to the end time of an IPv6 lease could cause the server to abort. Thanks to Glen Eustace of Massey University, New Zealand for finding this issue. ([ISC-Bugs #30281], CVE: CVE-2012-3955, bnc#780167) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch openSUSE-2012-642 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): dhcp-4.2.4.P2-0.30.1 dhcp-client-4.2.4.P2-0.30.1 dhcp-client-debuginfo-4.2.4.P2-0.30.1 dhcp-debuginfo-4.2.4.P2-0.30.1 dhcp-debugsource-4.2.4.P2-0.30.1 dhcp-devel-4.2.4.P2-0.30.1 dhcp-doc-4.2.4.P2-0.30.1 dhcp-relay-4.2.4.P2-0.30.1 dhcp-relay-debuginfo-4.2.4.P2-0.30.1 dhcp-server-4.2.4.P2-0.30.1 dhcp-server-debuginfo-4.2.4.P2-0.30.1 References: http://support.novell.com/security/cve/CVE-2012-3955.html https://bugzilla.novell.com/780167