Kod programskog paketa DHCP uočeno je i ispravljeno više nepravilnosti. Zlonamjerni napadači su ih mogli iskoristiti za DoS napad.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11110
2012-07-26 03:24:09
--------------------------------------------------------------------------------

Name        : dhcp
Product     : Fedora 16
Version     : 4.2.3
Release     : 11.P2.fc16
URL         : http://isc.org/products/DHCP/
Summary     : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network.

To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon.  The dhcp package provides
the ISC DHCP service and relay agent.

--------------------------------------------------------------------------------
Update Information:

This is security bugfix release fixing several vulnerabilities.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 27 2012 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-11.P2
- isc_time_nowplusinterval() is not safe with 64-bit time_t (#662254, #789601)
* Wed Jul 25 2012 Tomas Hozza <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-10.P2
- 4.2.4-P1: fix for CVE-2012-3570 CVE-2012-3571 and CVE-2012-3954 (#842892)
* Mon Jul  9 2012 Tomas Hozza <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-9.P2
- changed the list of %verify on the leases files (#837474)
* Wed Feb 22 2012 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-8.P2
- don't send log messages to the standard error descriptor by default (#790387)
* Tue Feb  7 2012 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-7.P2
- dhclient-script: install link-local static routes with correct scope (#787318)
* Mon Jan 23 2012 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-6.P2
- revert change made in 4.2.3-2 because of failing failover inicialization
(#765967)
  the procedure is now:
  init lease file, init failover, init PID file, change effective user/group ID
- dhclient-script: allow static route with a 0.0.0.0 next-hop address (#769463)
* Fri Jan 13 2012 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-5.P2
- 4.2.3-P2: fix for CVE-2011-4868 (#781246)
* Fri Dec  9 2011 Jiri Popelka <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 12:4.2.3-4.P1
- 4.2.3-P1: fix for CVE-2011-4539 (#765681)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #842420 - CVE-2012-3571 dhcp: DoS due to error in handling malformed
client identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=842420
  [ 2 ] Bug #842424 - CVE-2012-3570 dhcp: DoS in DHCPv6 due to error in handling
malformed client identifiers
        https://bugzilla.redhat.com/show_bug.cgi?id=842424
  [ 3 ] Bug #842428 - CVE-2012-3954 dhcp: two memory leaks may result in DoS
        https://bugzilla.redhat.com/show_bug.cgi?id=842428
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce