Uočen je i ispravljen propust u radu programskog paketa DHCP (eng. Dynamic Host Configuration Protocol), namijenjenog operacijskom sustavu Fedora 15. Riječ je o mrežnom protokolu koji omogućuje dinamičku dodjelu mrežnih postavki računalima priključenim na IP mrežu. Ranjivost je vezana uz DHCP klijente koji ne provjeravaju dovoljno određene opcije (primjerice naziv računala) u odgovorima DHCP poslužitelja. Zlonamjerni DHCP poslužitelj može iskoristiti propust za izvršavanje proizvoljnog koda na DHCP klijentu unosom posebno oblikovanog imena računala u poslanoj DHCP konfiguracijskoj poruci. Kao rješenje problema, preporučuje se nadogradnja paketa.
Fedora Update Notification
2011-04-07 02:14:21
Name : dhcp
Product : Fedora 15
Version : 4.2.1
Release : 4.P1.fc15
URL : http://isc.org/products/DHCP/
Summary : Dynamic host configuration protocol software
Description :
DHCP (Dynamic Host Configuration Protocol) is a protocol which allows
individual devices on an IP network to get their own network
configuration information (IP address, subnetmask, broadcast address,
etc.) from a DHCP server. The overall purpose of DHCP is to make it
easier to administer a large network. The dhcp package includes the
ISC DHCP service and relay agent.
To use DHCP on your network, install a DHCP service (or relay agent),
and on clients run a DHCP client daemon. The dhcp package provides
the ISC DHCP service and relay agent.
Update Information:
This is a SECURITY release of ISC DHCP, which fixes one security
related bug (CVE-2011-0997) in dhclient.
[ 1 ] Bug #689832 - CVE-2011-0997 dhclient: insufficient sanitization of
certain DHCP response values
This update can be installed with the "yum" update program. Use
su -c 'yum update dhcp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke