U radu programskog paketa DHCP uočena su i ispravljena dva propusta. Zlonamjerni napadači mogu iskoristiti navedene nedostatke za napad uskraćivanjem usluga (DoS).
Paket:
dhcp 4.x
Operacijski sustavi:
Fedora 16
Kritičnost:
6.1
Problem:
neodgovarajuće rukovanje datotekama
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2011-4868, CVE-2011-4539
Izvorni ID preporuke:
FEDORA-2012-0490
Izvor:
Fedora
Problem:
Uočeni su nedostaci u funkciji koja obrađuje prijave i u obradi regularnih izraza u datoteci "dhcpd.conf".
Posljedica:
Udaljeni napadači mogu iskoristiti navedene ranjivosti za napad uskraćivanjem usluga (DoS napad).
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-0490
2012-01-14 03:37:40
--------------------------------------------------------------------------------
Name : dhcp
Product : Fedora 16
Version : 4.2.3
Release : 5.P2.fc16
URL : http://isc.org/products/DHCP/
Summary : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network.
To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon. The dhcp package provides
the ISC DHCP service and relay agent.
--------------------------------------------------------------------------------
Update Information:
CVE-2011-4868: error in DDNS processing of DHCPv6 leases can cause ISC dhcpd
crash
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 13 2012 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-5.P2
- 4.2.3-P2: fix for CVE-2011-4868 (#781246)
* Fri Dec 9 2011 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-4.P1
- 4.2.3-P1: fix for CVE-2011-4539 (#765681)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #781242 - CVE-2011-4868 dhcp: error in DDNS processing of DHCPv6
leases can cause ISC dhcpd crash
https://bugzilla.redhat.com/show_bug.cgi?id=781242
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke