openSUSE Security Update: dhcp security update ______________________________________________________________________________ Announcement ID: openSUSE-SU-2011:0352-1 Rating: important References: #675052 Affected Products: openSUSE 11.4 openSUSE 11.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: A rogue dhcp server could instruct clients to use a host name that contains shell meta characters. Since many scripts in the system do not expect unusal characters in the system's host name the dhcp client needs to sanitize the host name offered by the server (CVE-2011-0996). This update also fixes packet handling with xen partial UDP checksums. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.4: zypper in -t patch dhcpcd-4358 - openSUSE 11.3: zypper in -t patch dhcpcd-4357 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.4 (i586 x86_64): dhcpcd-3.2.3-66.67.1 - openSUSE 11.3 (i586 x86_64): dhcpcd-3.2.3-61.64.1 References: https://bugzilla.novell.com/675052