Synopsis:	Critical: dhcp security update
Issue date:	2009-07-14
CVE Names:	CVE-2009-0692 CVE-2009-1893

The Mandriva Linux Engineering Team discovered a stack-based buffer
overflow flaw in the ISC DHCP client. If the DHCP client were to receive 
a malicious DHCP response, it could crash or execute arbitrary code with 
the permissions of the client (root). (CVE-2009-0692)

An insecure temporary file use flaw was discovered in the DHCP daemon's
init script ("/etc/init.d/dhcpd"). A local attacker could use this flaw 
to overwrite an arbitrary file with the output of the "dhcpd -t" command 
via a symbolic link attack, if a system administrator executed the DHCP 
init script with the "configtest", "restart", or "reload" option.
(CVE-2009-1893)

SL 3.0.x

      SRPMS:
dhcp-3.0.1-10.2_EL3.src.rpm
      i386:
dhclient-3.0.1-10.2_EL3.i386.rpm
dhcp-3.0.1-10.2_EL3.i386.rpm
dhcp-devel-3.0.1-10.2_EL3.i386.rpm
      x86_64:
dhclient-3.0.1-10.2_EL3.x86_64.rpm
dhcp-3.0.1-10.2_EL3.x86_64.rpm
dhcp-devel-3.0.1-10.2_EL3.x86_64.rpm

SL 4.x

      SRPMS:
dhcp-3.0.1-65.el4_8.1.src.rpm
      i386:
dhclient-3.0.1-65.el4_8.1.i386.rpm
dhcp-3.0.1-65.el4_8.1.i386.rpm
dhcp-devel-3.0.1-65.el4_8.1.i386.rpm
      x86_64:
dhclient-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-3.0.1-65.el4_8.1.x86_64.rpm
dhcp-devel-3.0.1-65.el4_8.1.x86_64.rpm


-Connie Sieh
-Troy Dawson