List:       oss-security
Subject:    [oss-security] ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)
From:       Michael McNally <mcnally () isc ! org>
Date:       2021-05-26 22:15:38
Message-ID: 69a91eea-3377-2ad1-cf21-8a1c929e2152 () isc ! org

On May 26, 2021, we (Internet Systems Consortium) disclosed a
vulnerability affecting our ISC DHCP software:

    CVE-2021-25217: A buffer overrun in lease file parsing code can be
    used to exploit a common vulnerability shared by dhcpd and dhclient
    https://kb.isc.org/docs/cve-2021-25217

New versions of ISC DHCP are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can
find individual vulnerability-specific patches in the "patches" subdirectory
of the release directories for our two stable release branches (4.4 and 4.1-ESV)

   https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches
   https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P1/patches

With the public announcement of this vulnerability, the embargo
period is ended and any updated software packages that have been
prepared may be released.

--

Michael McNally
(for ISC Security Officer)