SCIENTIFIC-LINUX-ERRATA Archives

May 2018

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Scott Reid <[log in to unmask]>
Date: Tue, 15 May 2018 22:06:38 -0000
Synopsis:          Critical: dhcp security update
Advisory ID: SLSA-2018:1454-1
Issue Date: 2018-05-15
CVE Numbers: CVE-2018-1111
--

Security Fix(es):

* A command injection flaw was found in the NetworkManager integration
script included in the DHCP client packages in Scientific Linux. A
malicious DHCP server, or an attacker on the local network able to spoof
DHCP responses, could use this flaw to execute arbitrary commands with
root privileges on systems using NetworkManager and configured to obtain
network configuration using the DHCP protocol. (CVE-2018-1111)
--

SL6
  x86_64
    dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm
  i386
    dhclient-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm

- Scientific Linux Development Team
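
Added example, not part of the original advisory: a check that flags SL6 hosts still carrying a dhcp build older than the fixed 4.1.1-53.P1.el6_9.4 listed above. It assumes input lines in the default `rpm -qa` format (name-version-release.arch); the function names and sample lines are constructed for illustration, and the version comparison is a simplified form of rpm's algorithm without '~' or '^' handling.

```python
import re

# Fixed build and package names taken from the advisory (SL6).
FIXED = ("4.1.1", "53.P1.el6_9.4")
PACKAGES = {"dhclient", "dhcp", "dhcp-common", "dhcp-devel", "dhcp-debuginfo"}
# Constructed sample of `rpm -qa` output; not taken from a real host.
SAMPLE = ["dhclient-4.1.1-53.P1.el6_9.3.x86_64",
          "dhcp-common-4.1.1-53.P1.el6_9.4.x86_64",
          "openssh-5.3p1-123.el6_9.x86_64"]


def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment,
    as rpm does (simplified). Returns -1, 0 or 1."""
    ta = re.findall(r"[0-9]+|[A-Za-z]+", a)
    tb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        xnum, ynum = x[0].isdigit(), y[0].isdigit()
        if xnum != ynum:
            return 1 if xnum else -1   # numeric segment beats alphabetic
        if xnum:
            x, y = int(x), int(y)
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))


def parse_nvra(line):
    """Split 'name-version-release.arch[.rpm]' into (name, version, release)."""
    s = re.sub(r"\.rpm$", "", line.strip())
    s = s.rsplit(".", 1)[0]            # drop the arch suffix
    return tuple(s.rsplit("-", 2))     # name itself may contain hyphens


def unpatched(lines):
    """Return the advisory's packages (el6 builds only) older than FIXED."""
    found = []
    for line in lines:
        if line.count("-") < 2:
            continue
        name, version, release = parse_nvra(line)
        if name not in PACKAGES or ".el6" not in release:
            continue
        cmp = rpmvercmp(version, FIXED[0]) or rpmvercmp(release, FIXED[1])
        if cmp < 0:
            found.append(line.strip())
    return found
```

On a live host, feed it the lines of `rpm -qa` output; an empty result means none of the listed packages is below the fixed build.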
