'[USN-3586-2] DHCP vulnerabilities'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ubuntu-security-announce
Subject:    [USN-3586-2] DHCP vulnerabilities
From:       "Leonidas S. Barbosa" <leo.barbosa () canonical ! com>
Date:       2018-05-28 16:21:51
Message-ID: 1527524511.12809.2.camel () canonical ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]

==========================================================================
Ubuntu Security Notice USN-3586-2
May 28, 2018

isc-dhcp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM

Summary:

Several security issues were fixed in DHCP.

Software Description:
- isc-dhcp: DHCP server and client

Details:

USN-3586-1 fixed a vulnerability in DHCP. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

  Felix Wilhelm discovered that the DHCP client incorrectly handled
  certain malformed responses. A remote attacker could use this issue to
  cause the DHCP client to crash, resulting in a denial of service, or
  possibly execute arbitrary code. In the default installation,
  attackers would be isolated by the dhclient AppArmor profile.  
  (CVE-2018-5732)

  Felix Wilhelm discovered that the DHCP server incorrectly handled
  reference counting. A remote attacker could possibly use this issue to
  cause the DHCP server to crash, resulting in a denial of service.
  (CVE-2018-5733)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
   isc-dhcp-client                                  4.1.ESV-R4-0ubuntu5.13
   isc-dhcp-relay                                    4.1.ESV-R4-0ubuntu5.13
   isc-dhcp-server                                  4.1.ESV-R4-0ubuntu5.13
   isc-dhcp-server-ldap                        4.1.ESV-R4-0ubuntu5.13

In general, a standard system update will make all the necessary
changes.

References:
   https://usn.ubuntu.com/usn/usn-3586-2
   https://usn.ubuntu.com/usn/usn-3586-1
   CVE-2018-5732, CVE-2018-5733
["signature.asc" (application/pgp-signature)]
[Attachment #6 (text/plain)]

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

[prev in list] [next in list] [prev in thread] [next in thread] 