
   openSUSE Security Update: dhcp: fixed remote denial of service attack
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:0625-1
Rating:             moderate
References:         #783002 #784640 #788787 #791280 #791289 #794578 #811934
Cross-References:   CVE-2013-2266
Affected Products:
                    openSUSE 11.4
______________________________________________________________________________

   An update that solves one vulnerability and has 6 fixes is now
   available.

Description:

   The ISC dhcp server was updated to fix a denial of service attack via
   regular expressions:

   - Removed the regex.h check from configure in the bind sources
     (bnc#811934, CVE-2013-2266). Made the bind export library build
     output visible.

   Also fixed:

   - Added a dhcp6-server service template for SuSEfirewall2 (bnc#783002).
   - Applied a patch to ignore SIGPIPE instead of dying in the socket code
     before the errno==EPIPE checks are reached (bnc#794578, upstream
     report [ISC-Bugs #32222]).
   - Applied several obvious memleak and segfault fixes from 4.2.5rc1 and a
     correction of the code that calculates timing values in the dhcpv6
     client, so that the rebind value is compared to infinity instead of
     renew (bnc#794578).
   - Fixed discovery of interfaces which have only addresses with a label
     assigned (linux 2.0 "alias interfaces" compatibility) by switching to
     getifaddrs() as on BSD (bnc#791289, reported upstream as
     [ISC-Bugs #31992]).
   - Fixed the parse buffer handling code to avoid truncation of configs
     larger than ~8k read from bigger ldap objects. Fixed to free the ldap
     config buffer passed to the config parser and append new config while
     the parser is in saved state (bnc#788787).
   - Fixed subclass name-ref and data quoting/escaping (bnc#788787).
   - Fixed memory leaks on ldap_read_config errors (bnc#788787).
   - Fixed dhclient-script to discard an MTU lower than or equal to 576
     rather than only lower than 576 (bnc#791280).
   - dhcp-ldap: fixed a memleak during subnet range processing; fixed to
     reset the bufix variable in ldap_read_function to 0 and to set buflen
     to the complete length (do not discard the last character, usually
     \n). This caused a parsing error on a further run of the function,
     e.g. while processing the second dhcpService container that the
     dhcpServer object may refer to (bnc#784640).

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 11.4:

      zypper in -t patch 2013-56

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 11.4 (i586 x86_64):

      dhcp-4.2.4.P2-0.34.1
      dhcp-client-4.2.4.P2-0.34.1
      dhcp-client-debuginfo-4.2.4.P2-0.34.1
      dhcp-debuginfo-4.2.4.P2-0.34.1
      dhcp-debugsource-4.2.4.P2-0.34.1
      dhcp-devel-4.2.4.P2-0.34.1
      dhcp-doc-4.2.4.P2-0.34.1
      dhcp-relay-4.2.4.P2-0.34.1
      dhcp-relay-debuginfo-4.2.4.P2-0.34.1
      dhcp-server-4.2.4.P2-0.34.1
      dhcp-server-debuginfo-4.2.4.P2-0.34.1

References:

   http://support.novell.com/security/cve/CVE-2013-2266.html
   https://bugzilla.novell.com/783002
   https://bugzilla.novell.com/784640
   https://bugzilla.novell.com/788787
   https://bugzilla.novell.com/791280
   https://bugzilla.novell.com/791289
   https://bugzilla.novell.com/794578
   https://bugzilla.novell.com/811934
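The following check is an added example, not part of the openSUSE advisory: it takes `rpm -q` style name-version-release strings for the dhcp packages and reports whether each is at or above the fixed version 4.2.4.P2-0.34.1 from the package list. It assumes a simplified version ordering (split on '.' and '-', numeric segments compared numerically, others as strings) that is sufficient for these version strings; the sample rpm output is constructed.

```shell
#!/bin/sh
# Added example (not the advisory's own tooling): verify that installed
# dhcp packages are at least the version fixed by openSUSE-SU-2013:0625-1.
# Assumption: the simplified ordering in version_ge is enough for these
# version strings; on a real host prefer rpm's own comparison.
FIXED_VERSION="4.2.4.P2-0.34.1"

# version_ge A B: exit 0 when A >= B, 1 otherwise.
version_ge() {
    a=$(printf '%s ' "$1" | sed 's/[.-]/ /g')   # "4 2 4 P2 0 34 1 "
    b=$(printf '%s ' "$2" | sed 's/[.-]/ /g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%% *}; a=${a#* }                    # pop the next segment
        y=${b%% *}; b=${b#* }
        [ -n "$x" ] || x=0                       # missing segment counts as 0
        [ -n "$y" ] || y=0
        case "$x$y" in
            *[!0-9]*)   # a non-numeric segment such as P2: compare as strings
                if [ "$(expr "x$x" \> "x$y")" = 1 ]; then return 0
                elif [ "$(expr "x$x" \< "x$y")" = 1 ]; then return 1; fi ;;
            *)
                if [ "$x" -gt "$y" ]; then return 0
                elif [ "$x" -lt "$y" ]; then return 1; fi ;;
        esac
    done
    return 0    # every segment equal
}

# check_installed NVR: exit 0 when the name-version-release string printed
# by `rpm -q <package>` is at or above FIXED_VERSION. The package name may
# itself contain dashes, so the version-release is the last two '-' fields.
check_installed() {
    pkg=${1%-*-*}
    vr=${1#"$pkg"-}
    version_ge "$vr" "$FIXED_VERSION"
}

# Constructed sample of `rpm -q dhcp dhcp-client dhcp-server` output; on a
# real openSUSE 11.4 host replace SAMPLE with the output of that command.
SAMPLE="dhcp-4.2.4.P2-0.30.1
dhcp-client-4.2.4.P2-0.34.1
dhcp-server-4.2.4.P2-0.34.1"

printf '%s\n' "$SAMPLE" | while read -r nvr; do
    if check_installed "$nvr"; then echo "OK       $nvr"
    else echo "OUTDATED $nvr"; fi
done
```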