Three flaws have been discovered and fixed in DHCP (Dynamic Host Configuration Protocol), an implementation of the protocol for automatically assigning IP addresses to computers on a network. The flaws manifest when processing messages from an address that has been declined or marked as unreachable, but only on DHCPv6 servers (DHCPv4 servers are not affected by these flaws). A remote attacker can exploit the flaws to carry out a DoS (Denial of Service) attack by sending a specially crafted message. All users are advised to use the latest version.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-0862
2011-01-28 18:50:50
--------------------------------------------------------------------------------

Name        : dhcp
Product     : Fedora 14
Version     : 4.2.0
Release     : 19.P2.fc14
URL         : http://isc.org/products/DHCP/
Summary     : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network.  The dhcp package includes the
ISC DHCP service and relay agent.

To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon.  The dhcp package provides
the ISC DHCP service and relay agent.

--------------------------------------------------------------------------------
Update Information:

A flaw was discovered in the way the dhcpd daemon processed a message for an
address that had been previously declined and internally tagged as abandoned.
Processing such a message could trigger an assert failure that could crash dhcpd
if it was running as a DHCPv6 server. DHCPv4 servers are unaffected.
(CVE-2011-0413)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan 27 2011 Jiri Popelka - 12:4.2.0-19.P2
- CVE-2011-0413: Unexpected abort caused by a DHCPv6 decline message (#672996)
* Thu Jan 13 2011 Jiri Popelka - 12:4.2.0-18.P2
- Fix loading of configuration when LDAP is used (#668276)
* Mon Jan  3 2011 Jiri Popelka - 12:4.2.0-17.P2
- Fix OMAPI (#666441)
* Mon Dec 13 2010 Jiri Popelka - 12:4.2.0-16.P2
- 4.2.0-P2: fix for CVE-2010-3616 (#662326)
- Use upstream fix for #628258
* Tue Nov  9 2010 Jiri Popelka - 12:4.2.0-15.P1
- Applied Patrik Lahti's patch for DHCPv6 over PPP support (#626514)
* Fri Nov  5 2010 Jiri Popelka - 12:4.2.0-14.P1
- fix broken dependencies
* Thu Nov  4 2010 Jiri Popelka - 12:4.2.0-13.P1
- 4.2.0-P1: fix for CVE-2010-3611 (#649880)
- dhclient-script: when updating 'search' statement in resolv.conf,
  add domain part of hostname if it's not already there (#637763)
* Wed Oct 13 2010 Jiri Popelka - 12:4.2.0-12
- Server was ignoring client's
  Solicit (where client included address/prefix as a preference) (#634842)
* Thu Oct  7 2010 Jiri Popelka - 12:4.2.0-11
- Use ping instead of arping in dhclient-script to handle
  not-on-local-net gateway in ARP-less device (#524298)
* Thu Oct  7 2010 Jiri Popelka - 12:4.2.0-10
- Check whether there is any unexpired address in previous lease
  prior to confirming (INIT-REBOOT) the lease (#585418)
* Mon Oct  4 2010 Jiri Popelka - 12:4.2.0-9
- RFC 3442 - ignore Router option only if
  Classless Static Routes option contains default router
* Thu Sep 30 2010 Jiri Popelka - 12:4.2.0-8
- Explicitly clear the ARP cache and flush all addresses & routes
  instead of bringing the interface down (#574568)
* Tue Sep  7 2010 Jiri Popelka - 12:4.2.0-7
- Hardening dhcpd/dhcrelay/dhclient by making them PIE & RELRO
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672755 - CVE-2011-0413 dhcp: unexpected abort caused by a DHCPv6
decline message
        https://bugzilla.redhat.com/show_bug.cgi?id=672755
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce
