Hello community, here is the log from the commit of package dhcp for openSUSE:11.3 checked in at Fri Dec 9 16:36:06 CET 2011. -------- --- old-versions/11.3/UPDATES/all/dhcp/dhcp.changes 2011-08-30 10:35:54.000000000 +0200 +++ 11.3/dhcp/dhcp.changes 2011-12-09 14:22:11.000000000 +0100 @@ -1,0 +2,10 @@ +Fri Dec 9 13:20:44 UTC 2011 - mt@suse.com + +- Applied security fix for a DoS due to processing certain regular + expressions, extracted from 4.2.3-P1 (bnc#735610, CVE-2011-4539): + * Add a check for a null pointer before calling the regexec function. + Without out this check we could, under some circumstances, pass + a null pointer to the regexec function causing it to segfault. + Thanks to a report from BlueCat Networks. [ISC-Bugs #26704] + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 New: ---- dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dhcp.spec ++++++ --- /var/tmp/diff_new_pack.oQpTVW/_old 2011-12-09 16:34:15.000000000 +0100 +++ /var/tmp/diff_new_pack.oQpTVW/_new 2011-12-09 16:34:15.000000000 +0100 @@ -33,7 +33,7 @@ Group: Productivity/Networking/Boot/Servers AutoReqProv: on Version: 4.1.2.ESV.1 -Release: 0.<RELEASE10> +Release: 0.<RELEASE12> Summary: Common Files Used by ISC DHCP Software Url: http://www.isc.org/software/dhcp Source0: dhcp-%{isc_version}.tar.bz2 @@ -85,6 +85,7 @@ Patch43: dhcp-4.1-ESV-R1-xen-checksum.patch Patch44: dhcp-4.1-ESV-R1-CVE-2011-2748_2749.diff Patch45: dhcp-4.2.2-quiet-dhclient.bnc711420.diff +Patch46: dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff ## PreReq: /bin/touch /sbin/chkconfig sysconfig BuildRoot: %{_tmppath}/%{name}-%{version}-build 
@@ -211,6 +212,7 @@ %patch43 -p1 %patch44 -p1 %patch45 -p1 +%patch46 -p1 ## find . -type f -name \*.cat\* -exec rm -f {} \; dos2unix contrib/ms2isc/* ++++++ dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff ++++++
From 34f5e08fd3265f950b460dd5886d15984e69a765 Mon Sep 17 00:00:00 2001
From: Marius Tomaschewski
Date: Fri, 9 Dec 2011 13:45:53 +0100
Subject: [PATCH] CVE-2011-4539 regex DoS
Extracted from 4.2.3-P1:
Add a check for a null pointer before calling the regexec function.
Without this check we could, under some circumstances, pass
a null pointer to the regexec function causing it to segfault.
Thanks to a report from BlueCat Networks. [ISC-Bugs #26704].
Signed-off-by: Marius Tomaschewski
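Review bot: The dhcp.changes entry says the fix was "extracted from 4.2.3-P1" and the new patch file is named dhcp-4.2.2-CVE-2011-4539-regex-DoS.bnc735610.diff, but dhcp.spec builds Version 4.1.2.ESV.1, and the entry does not say the change was adapted to that tree. Add a line to the entry stating which source version the patch was rebased onto and tested against. The entry also has a doubled word in "Without out this check".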
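Review bot: In dhcp.spec, "%patch46 -p1" applies a patch whose body, as shown in this mail, ends at the Signed-off-by line with no hunks, so the null-pointer check before regexec cannot be reviewed from here. The hunks need to be visible to confirm which regexec argument is guarded and what the caller gets back when it is null. Since Patch46 comes from the 4.2.x line, also confirm that it applies to 4.1.2.ESV.1 with -p1 without fuzz or offsets.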