Detalji

Ispravljen je sigurnosni nedostatak otkriven u radu programskog paketa DHCP. Riječ je o programu koji omogućuje korištenje DHCP protokola za automatsku dodjelu IP adresa računalima na mreži. Propusti se očituju prilikom obrade poruka s adrese koja je odbijena ili označena kao nedohvatljiva, ali samo kod DHCPv6 poslužitelja. Napadaču omogućuje izvođenje DoS (eng. Denial of Service) napada. Pritom uspješna zlouporaba uključuje slanje posebno oblikovanih poruka. Svim se korisnicima ranjivog paketa, u svrhu zaštite, savjetuje korištenje novih programskih rješenja.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:022
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : February 7, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in dhcp:
 
 The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV
 and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote
 attackers to cause a denial of service (assertion failure and daemon
 crash) by sending a message over IPv6 for a declined and abandoned
 address (CVE-2011-0413).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 65c4c7d0e66a2df6485307c2001f24b0 
2010.0/i586/dhcp-client-4.1.2-0.3mdv2010.0.i586.rpm
 524caa21dbe2e3cf36d4d16de7e53da2 
2010.0/i586/dhcp-common-4.1.2-0.3mdv2010.0.i586.rpm
 2f4c2b7920bdfd71c360af5f73bfdfe8 
2010.0/i586/dhcp-devel-4.1.2-0.3mdv2010.0.i586.rpm
 7c1cc00109e18e7d1464f9072bb719d6 
2010.0/i586/dhcp-doc-4.1.2-0.3mdv2010.0.i586.rpm
 dd92268889b6157b4714a19cfc5750fa 
2010.0/i586/dhcp-relay-4.1.2-0.3mdv2010.0.i586.rpm
 87dda0a955b93e8373610c1a0e173c30 
2010.0/i586/dhcp-server-4.1.2-0.3mdv2010.0.i586.rpm 
 b8f3fc8978ea01a0aca04724854ae1cf 
2010.0/SRPMS/dhcp-4.1.2-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 e2bcb97dffaa40ad9658c2ca356f911b 
2010.0/x86_64/dhcp-client-4.1.2-0.3mdv2010.0.x86_64.rpm
 5d3c36e8169f632bc4cb0bee8c529af2 
2010.0/x86_64/dhcp-common-4.1.2-0.3mdv2010.0.x86_64.rpm
 f6496937c234008f680dc025affa7207 
2010.0/x86_64/dhcp-devel-4.1.2-0.3mdv2010.0.x86_64.rpm
 0c9ba464bb9440351ccb126f46d97837 
2010.0/x86_64/dhcp-doc-4.1.2-0.3mdv2010.0.x86_64.rpm
 e8dce1402658e8a46c2366b438d65622 
2010.0/x86_64/dhcp-relay-4.1.2-0.3mdv2010.0.x86_64.rpm
 97ecfed951ed5454b315b3b027b3337f 
2010.0/x86_64/dhcp-server-4.1.2-0.3mdv2010.0.x86_64.rpm 
 b8f3fc8978ea01a0aca04724854ae1cf 
2010.0/SRPMS/dhcp-4.1.2-0.3mdv2010.0.src.rpm

 Mandriva Linux 2010.1:
 38ef869104c1db0f95fc6e7869be6f6c 
2010.1/i586/dhcp-client-4.1.2-0.3mdv2010.2.i586.rpm
 b99f897bd2c17fb3f03b89a996a4f7c1 
2010.1/i586/dhcp-common-4.1.2-0.3mdv2010.2.i586.rpm
 ac14dc0687bbb819ad9dd7e1681b49fb 
2010.1/i586/dhcp-devel-4.1.2-0.3mdv2010.2.i586.rpm
 234e482da875009f8eb4dd6b349c115c 
2010.1/i586/dhcp-doc-4.1.2-0.3mdv2010.2.i586.rpm
 d086d84360b98551f6287128f2d25cbf 
2010.1/i586/dhcp-relay-4.1.2-0.3mdv2010.2.i586.rpm
 4cf23679e74bd2d0f1b359880b1129eb 
2010.1/i586/dhcp-server-4.1.2-0.3mdv2010.2.i586.rpm 
 f57a5990f3e9c38367dbb6c855e30795 
2010.1/SRPMS/dhcp-4.1.2-0.3mdv2010.2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 0cc5b90af0efcb5b6e316735c39cb3e1 
2010.1/x86_64/dhcp-client-4.1.2-0.3mdv2010.2.x86_64.rpm
 949622a9f8e4282d8c32e3aef359643f 
2010.1/x86_64/dhcp-common-4.1.2-0.3mdv2010.2.x86_64.rpm
 5af2129b4f4303aa3fa6e9ad0ce10597 
2010.1/x86_64/dhcp-devel-4.1.2-0.3mdv2010.2.x86_64.rpm
 4bf50dfbf0f8f7c2d867ca61d4abdb9f 
2010.1/x86_64/dhcp-doc-4.1.2-0.3mdv2010.2.x86_64.rpm
 b29f5b924eab6535ba5ee293629f75cb 
2010.1/x86_64/dhcp-relay-4.1.2-0.3mdv2010.2.x86_64.rpm
 3429f3b5bdb0d3684fe60df72ace7bb5 
2010.1/x86_64/dhcp-server-4.1.2-0.3mdv2010.2.x86_64.rpm 
 f57a5990f3e9c38367dbb6c855e30795 
2010.1/SRPMS/dhcp-4.1.2-0.3mdv2010.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNT+04mqjQ0CJFipgRAgp5AJ981fEMFBOppIo3Fom97Ji2FoSFEwCgkOhw
nDcqcIwXZxBYWbWoSElkj2c=
=GqhQ
-----END PGP SIGNATURE-----

Idi na vrh