Synopsis: Important: dhcp security update Issue date: 2011-04-08 CVE Names: CVE-2011-0997 It was discovered that the DHCP client daemon, dhclient, did not sufficiently sanitize certain options provided in DHCP server replies, such as the client hostname. A malicious DHCP server could send such an option with a specially-crafted value to a DHCP client. If this option's value was saved on the client system, and then later insecurely evaluated by a process that assumes the option is trusted, it could lead to arbitrary code execution with the privileges of that process. (CVE-2011-0997) SL 4.x SRPMS: dhcp-3.0.1-67.el4.src.rpm i386: dhclient-3.0.1-67.el4.i386.rpm dhcp-3.0.1-67.el4.i386.rpm dhcp-devel-3.0.1-67.el4.i386.rpm x86_64: dhclient-3.0.1-67.el4.x86_64.rpm dhcp-3.0.1-67.el4.x86_64.rpm dhcp-devel-3.0.1-67.el4.x86_64.rpm SL 5.x SRPMS: dhcp-3.0.5-23.el5_6.4.src.rpm i386: dhclient-3.0.5-23.el5_6.4.i386.rpm dhcp-3.0.5-23.el5_6.4.i386.rpm dhcp-devel-3.0.5-23.el5_6.4.i386.rpm libdhcp4client-3.0.5-23.el5_6.4.i386.rpm libdhcp4client-devel-3.0.5-23.el5_6.4.i386.rpm x86_64: dhclient-3.0.5-23.el5_6.4.x86_64.rpm dhcp-3.0.5-23.el5_6.4.x86_64.rpm dhcp-devel-3.0.5-23.el5_6.4.i386.rpm dhcp-devel-3.0.5-23.el5_6.4.x86_64.rpm libdhcp4client-3.0.5-23.el5_6.4.i386.rpm libdhcp4client-3.0.5-23.el5_6.4.x86_64.rpm libdhcp4client-devel-3.0.5-23.el5_6.4.i386.rpm libdhcp4client-devel-3.0.5-23.el5_6.4.x86_64.rpm SL 6.x SRPMS: dhcp-4.1.1-12.P1.el6_0.4.src.rpm i386: dhclient-4.1.1-12.P1.el6_0.4.i686.rpm dhcp-4.1.1-12.P1.el6_0.4.i686.rpm dhcp-devel-4.1.1-12.P1.el6_0.4.i686.rpm x86_64: dhclient-4.1.1-12.P1.el6_0.4.x86_64.rpm dhcp-4.1.1-12.P1.el6_0.4.x86_64.rpm dhcp-devel-4.1.1-12.P1.el6_0.4.i686.rpm dhcp-devel-4.1.1-12.P1.el6_0.4.x86_64.rpm - Scientific Linux Development Team