[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] New vulnerability in Kea DHCP servers (CVE-2015-8373) is now public
From:       ISC Security Officer <security-officer () isc ! org>
Date:       2015-12-22 21:31:05
Message-ID: 5679C119.9070402 () isc ! org
[Download RAW message or body]


Please be advised that ISC publicly announced a critical vulnerability
in the Kea DHCP servers.

The CVE-2015-8373 is a denial-of-service vector which can be exploited
remotely against DHCPv4 and DHCPv6 servers by sending malformed packet.
Please find the details in the security advisory.
https://kb.isc.org/article/AA-01318

New releases of Kea, including security fixes for this vulnerability,
are available at: www.isc.org/downloads/

Release notes can be obtained using the following links:

ftp://ftp.isc.org/isc/kea/0.9.2-P1/KeaReleaseNotes092P1.txt
ftp://ftp.isc.org/isc/kea/1.0.0-beta2/KeaReleaseNotes100beta2.txt

Marcin Siodelski
(as ISC Security Officer)


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]