openSUSE Security Update: dhcp security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0321-1 Rating: important References: #668194 #673792 #675052 #680298 Cross-References: CVE-2011-0997 Affected Products: openSUSE 11.4 ______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available. It includes one version update. Description: A rogue dhcp server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the dhcp client needs to sanitize the host name offered by the server (CVE-2011-0997). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch dhcp-4313 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64) [New Version: 4.2.1]: dhcp-4.2.1-0.5.1 dhcp-client-4.2.1-0.5.1 dhcp-devel-4.2.1-0.5.1 dhcp-doc-4.2.1-0.5.1 dhcp-relay-4.2.1-0.5.1 dhcp-server-4.2.1-0.5.1 References: http://support.novell.com/security/cve/CVE-2011-0997.html https://bugzilla.novell.com/668194 https://bugzilla.novell.com/673792 https://bugzilla.novell.com/675052 https://bugzilla.novell.com/680298