Synopsis:          Critical: dhcp security update
Advisory ID:       SLSA-2018:1453-1
Issue Date:        2018-05-15
CVE Numbers:       CVE-2018-1111
--

Security Fix(es):

* A command injection flaw was found in the NetworkManager integration
script included in the DHCP client packages in Scientific Linux. A
malicious DHCP server, or an attacker on the local network able to spoof
DHCP responses, could use this flaw to execute arbitrary commands with
root privileges on systems using NetworkManager and configured to obtain
network configuration using the DHCP protocol. (CVE-2018-1111)
--

SL7
  x86_64
    dhclient-4.2.5-68.sl7_5.1.x86_64.rpm
    dhcp-common-4.2.5-68.sl7_5.1.x86_64.rpm
    dhcp-debuginfo-4.2.5-68.sl7_5.1.i686.rpm
    dhcp-debuginfo-4.2.5-68.sl7_5.1.x86_64.rpm
    dhcp-libs-4.2.5-68.sl7_5.1.i686.rpm
    dhcp-libs-4.2.5-68.sl7_5.1.x86_64.rpm
    dhcp-4.2.5-68.sl7_5.1.x86_64.rpm
    dhcp-devel-4.2.5-68.sl7_5.1.i686.rpm
    dhcp-devel-4.2.5-68.sl7_5.1.x86_64.rpm

- Scientific Linux Development Team