Subject: | |
From: | |
Reply To: | |
Date: | Fri, 8 Apr 2011 17:34:27 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: dhcp security update
Issue date: 2011-04-08
CVE Names: CVE-2011-0997
It was discovered that the DHCP client daemon, dhclient, did not
sufficiently sanitize certain options provided in DHCP server replies, such
as the client hostname. A malicious DHCP server could send such an option
with a specially-crafted value to a DHCP client. If this option's value was
saved on the client system, and then later insecurely evaluated by a
process that assumes the option is trusted, it could lead to arbitrary code
execution with the privileges of that process. (CVE-2011-0997)
SL 4.x
SRPMS:
dhcp-3.0.1-67.el4.src.rpm
i386:
dhclient-3.0.1-67.el4.i386.rpm
dhcp-3.0.1-67.el4.i386.rpm
dhcp-devel-3.0.1-67.el4.i386.rpm
x86_64:
dhclient-3.0.1-67.el4.x86_64.rpm
dhcp-3.0.1-67.el4.x86_64.rpm
dhcp-devel-3.0.1-67.el4.x86_64.rpm
SL 5.x
SRPMS:
dhcp-3.0.5-23.el5_6.4.src.rpm
i386:
dhclient-3.0.5-23.el5_6.4.i386.rpm
dhcp-3.0.5-23.el5_6.4.i386.rpm
dhcp-devel-3.0.5-23.el5_6.4.i386.rpm
libdhcp4client-3.0.5-23.el5_6.4.i386.rpm
libdhcp4client-devel-3.0.5-23.el5_6.4.i386.rpm
x86_64:
dhclient-3.0.5-23.el5_6.4.x86_64.rpm
dhcp-3.0.5-23.el5_6.4.x86_64.rpm
dhcp-devel-3.0.5-23.el5_6.4.i386.rpm
dhcp-devel-3.0.5-23.el5_6.4.x86_64.rpm
libdhcp4client-3.0.5-23.el5_6.4.i386.rpm
libdhcp4client-3.0.5-23.el5_6.4.x86_64.rpm
libdhcp4client-devel-3.0.5-23.el5_6.4.i386.rpm
libdhcp4client-devel-3.0.5-23.el5_6.4.x86_64.rpm
SL 6.x
SRPMS:
dhcp-4.1.1-12.P1.el6_0.4.src.rpm
i386:
dhclient-4.1.1-12.P1.el6_0.4.i686.rpm
dhcp-4.1.1-12.P1.el6_0.4.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.4.i686.rpm
x86_64:
dhclient-4.1.1-12.P1.el6_0.4.x86_64.rpm
dhcp-4.1.1-12.P1.el6_0.4.x86_64.rpm
dhcp-devel-4.1.1-12.P1.el6_0.4.i686.rpm
dhcp-devel-4.1.1-12.P1.el6_0.4.x86_64.rpm
- Scientific Linux Development Team
|
|
|