-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:154 http://www.mandriva.com/security/ _______________________________________________________________________ Package : dhcp Date : July 19, 2009 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in ISC DHCP: ISC DHCP Server is vulnerable to a denial of service, caused by the improper handling of DHCP requests. If the host definitions are mixed using dhcp-client-identifier and hardware ethernet, a remote attacker could send specially-crafted DHCP requests to cause the server to stop responding (CVE-2009-1892). This update provides fixes for this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892 http://xforce.iss.net/xforce/xfdb/51717 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.1: 29b8a0935610d6d6d0192fe02aa302f8 2008.1/i586/dhcp-client-3.0.7-0.2mdv2008.1.i586.rpm 12003e3d73e8e24b19688349f6ac9dee 2008.1/i586/dhcp-common-3.0.7-0.2mdv2008.1.i586.rpm a9af0e8028d6a63ff698e70af5aec43a 2008.1/i586/dhcp-devel-3.0.7-0.2mdv2008.1.i586.rpm 73f9a51fc2b5a6692b854a592be9f714 2008.1/i586/dhcp-doc-3.0.7-0.2mdv2008.1.i586.rpm 20ee01cb125211a2f8479085cc5ba83b 2008.1/i586/dhcp-relay-3.0.7-0.2mdv2008.1.i586.rpm 359f660886b803ec247e8ee59af120a5 2008.1/i586/dhcp-server-3.0.7-0.2mdv2008.1.i586.rpm ff73135449184c87f4bba6d82cf31ff1 2008.1/SRPMS/dhcp-3.0.7-0.2mdv2008.1.src.rpm Mandriva Linux 2008.1/X86_64: 7a9008113ba3bb2bd8ea56b2c20a542f 2008.1/x86_64/dhcp-client-3.0.7-0.2mdv2008.1.x86_64.rpm 2380b88cd58a86e7a0169ba7f0d603a4 2008.1/x86_64/dhcp-common-3.0.7-0.2mdv2008.1.x86_64.rpm 7f27140edfbb3bdf3d8ed5e9c1b0920f 2008.1/x86_64/dhcp-devel-3.0.7-0.2mdv2008.1.x86_64.rpm 20dbd08ae173f66a650089f6d6386c3f 2008.1/x86_64/dhcp-doc-3.0.7-0.2mdv2008.1.x86_64.rpm bfc0548cf71d25ecac28291fe68fdbdc 2008.1/x86_64/dhcp-relay-3.0.7-0.2mdv2008.1.x86_64.rpm 97dea3fb3ae4f36c391886774cce151d 2008.1/x86_64/dhcp-server-3.0.7-0.2mdv2008.1.x86_64.rpm ff73135449184c87f4bba6d82cf31ff1 2008.1/SRPMS/dhcp-3.0.7-0.2mdv2008.1.src.rpm Mandriva Linux 2009.0: 2f69ac19c6cf2b28abaa9896d9780d61 2009.0/i586/dhcp-client-3.0.7-1.4mdv2009.0.i586.rpm 17495906e37600d564136da9f6630aff 2009.0/i586/dhcp-common-3.0.7-1.4mdv2009.0.i586.rpm 40a2a1567311125891524f7ab78a00c8 2009.0/i586/dhcp-devel-3.0.7-1.4mdv2009.0.i586.rpm 6aab312f879917e5ad18b8d71a2c01fc 2009.0/i586/dhcp-doc-3.0.7-1.4mdv2009.0.i586.rpm 5cb02b748989146b23d16fd4f652f41d 2009.0/i586/dhcp-relay-3.0.7-1.4mdv2009.0.i586.rpm 3840694bb31b4a3fcfe0831f2e3df6de 2009.0/i586/dhcp-server-3.0.7-1.4mdv2009.0.i586.rpm a7043fae8204b185a29f58df4368701c 2009.0/SRPMS/dhcp-3.0.7-1.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: b2c5a8403220d7ecb023825c46b0258b 2009.0/x86_64/dhcp-client-3.0.7-1.4mdv2009.0.x86_64.rpm 36658f344a6fb8a59714e1c6ea1b4bdd 2009.0/x86_64/dhcp-common-3.0.7-1.4mdv2009.0.x86_64.rpm 3174da37f260dbcd73656a8f0248d3b5 2009.0/x86_64/dhcp-devel-3.0.7-1.4mdv2009.0.x86_64.rpm e4ae61d08c4e1f43c28351164204b685 2009.0/x86_64/dhcp-doc-3.0.7-1.4mdv2009.0.x86_64.rpm 3c5998087fa8f08337d588262742ca87 2009.0/x86_64/dhcp-relay-3.0.7-1.4mdv2009.0.x86_64.rpm a5cfbe4e11c79d5ed56381b8dbf4185b 2009.0/x86_64/dhcp-server-3.0.7-1.4mdv2009.0.x86_64.rpm a7043fae8204b185a29f58df4368701c 2009.0/SRPMS/dhcp-3.0.7-1.4mdv2009.0.src.rpm Mandriva Linux 2009.1: 7ee14bb6be785f85466aa3295ef38c95 2009.1/i586/dhcp-client-4.1.0-5.2mdv2009.1.i586.rpm bae2305f153533012fc0ac75f21f51e0 2009.1/i586/dhcp-common-4.1.0-5.2mdv2009.1.i586.rpm 670d4f9f86ac82bbabd5b1724ebb3523 2009.1/i586/dhcp-devel-4.1.0-5.2mdv2009.1.i586.rpm 50e0b3512a0a1020fff852bf6d7d7a24 2009.1/i586/dhcp-doc-4.1.0-5.2mdv2009.1.i586.rpm 774d4b4217b6ee8245d2eead10727965 2009.1/i586/dhcp-relay-4.1.0-5.2mdv2009.1.i586.rpm 91f3f111a6114f4a8a548018ca6ee997 2009.1/i586/dhcp-server-4.1.0-5.2mdv2009.1.i586.rpm c4c0602219cde4f9c26083133d44aad2 2009.1/SRPMS/dhcp-4.1.0-5.2mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 507e724bc7f2409ced3ed30d107ecaf1 2009.1/x86_64/dhcp-client-4.1.0-5.2mdv2009.1.x86_64.rpm 3741f852b50138ced6c9264d26ef481d 2009.1/x86_64/dhcp-common-4.1.0-5.2mdv2009.1.x86_64.rpm 401fa1872372bde23e68c18204d6612e 2009.1/x86_64/dhcp-devel-4.1.0-5.2mdv2009.1.x86_64.rpm db3408468c018f848802b86258a7d9a0 2009.1/x86_64/dhcp-doc-4.1.0-5.2mdv2009.1.x86_64.rpm 9ff8a987bcac37069165abbb7a2b92d8 2009.1/x86_64/dhcp-relay-4.1.0-5.2mdv2009.1.x86_64.rpm 8e2793c3291e9d74a0410ac1840d3209 2009.1/x86_64/dhcp-server-4.1.0-5.2mdv2009.1.x86_64.rpm c4c0602219cde4f9c26083133d44aad2 2009.1/SRPMS/dhcp-4.1.0-5.2mdv2009.1.src.rpm Corporate 3.0: 2579fe8deb344508689512055ce29dfd corporate/3.0/i586/dhcp-client-3.0.7-0.2.C30mdk.i586.rpm 52e8b83eb436a4dd8025323d6759820b corporate/3.0/i586/dhcp-common-3.0.7-0.2.C30mdk.i586.rpm bf9acc7b5bd780c0c2d3f6d3b3fa7ed2 corporate/3.0/i586/dhcp-devel-3.0.7-0.2.C30mdk.i586.rpm f51db709432cec0a7ecac00de92ab231 corporate/3.0/i586/dhcp-relay-3.0.7-0.2.C30mdk.i586.rpm 3b0fafff03d3d9db2ada308209309399 corporate/3.0/i586/dhcp-server-3.0.7-0.2.C30mdk.i586.rpm f7739f068a0e4ef3eec1efad80261260 corporate/3.0/SRPMS/dhcp-3.0.7-0.2.C30mdk.src.rpm Corporate 3.0/X86_64: 69378a890175f223a0dde1aab0b160fa corporate/3.0/x86_64/dhcp-client-3.0.7-0.2.C30mdk.x86_64.rpm 6069ef3f209e12a8729dd1d213ccea51 corporate/3.0/x86_64/dhcp-common-3.0.7-0.2.C30mdk.x86_64.rpm 354a030572b687e588cc32ecae459445 corporate/3.0/x86_64/dhcp-devel-3.0.7-0.2.C30mdk.x86_64.rpm 1f2c28cde682364a96024c759ab3041d corporate/3.0/x86_64/dhcp-relay-3.0.7-0.2.C30mdk.x86_64.rpm 39cf0fdc29104dead281194bcce6ebf4 corporate/3.0/x86_64/dhcp-server-3.0.7-0.2.C30mdk.x86_64.rpm f7739f068a0e4ef3eec1efad80261260 corporate/3.0/SRPMS/dhcp-3.0.7-0.2.C30mdk.src.rpm Corporate 4.0: 2d7b13de179919ebb3b2c18ffb55fadc corporate/4.0/i586/dhcp-client-3.0.7-0.2.20060mlcs4.i586.rpm 4598ba0cb20aa6d71a95621af0054ce6 corporate/4.0/i586/dhcp-common-3.0.7-0.2.20060mlcs4.i586.rpm edabf8ebf430c4530bd4a36cc706db63 corporate/4.0/i586/dhcp-devel-3.0.7-0.2.20060mlcs4.i586.rpm e22bab6c0be555d4176cea8c62ec7797 corporate/4.0/i586/dhcp-relay-3.0.7-0.2.20060mlcs4.i586.rpm 8c128994103f0ad20d53aad8e64df664 corporate/4.0/i586/dhcp-server-3.0.7-0.2.20060mlcs4.i586.rpm ec90d04613959422efe01bc805bf8e41 corporate/4.0/SRPMS/dhcp-3.0.7-0.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 5b35010c5c9b174d844e8c1c670a5db6 corporate/4.0/x86_64/dhcp-client-3.0.7-0.2.20060mlcs4.x86_64.rpm 22ca67c56b3d5c81ddf550638c7d1a00 corporate/4.0/x86_64/dhcp-common-3.0.7-0.2.20060mlcs4.x86_64.rpm ee1de9b3cc4735f72c5a33a6f15c863f corporate/4.0/x86_64/dhcp-devel-3.0.7-0.2.20060mlcs4.x86_64.rpm df66aefcba6b66187e671e6b13cdc887 corporate/4.0/x86_64/dhcp-relay-3.0.7-0.2.20060mlcs4.x86_64.rpm 037458794aa93eea510a8223d8356caf corporate/4.0/x86_64/dhcp-server-3.0.7-0.2.20060mlcs4.x86_64.rpm ec90d04613959422efe01bc805bf8e41 corporate/4.0/SRPMS/dhcp-3.0.7-0.2.20060mlcs4.src.rpm Multi Network Firewall 2.0: c62d66b4516d4c6931cc259ff633ee56 mnf/2.0/i586/dhcp-client-3.0.7-0.2.C30mdk.i586.rpm b8b9c87d7c001e4a4fd33b0c1cb04f4f mnf/2.0/i586/dhcp-common-3.0.7-0.2.C30mdk.i586.rpm f01dd6a858f26a79fcc1b63cc6b076cb mnf/2.0/i586/dhcp-devel-3.0.7-0.2.C30mdk.i586.rpm d7bc28fced326d7c6b454b2b62e231fc mnf/2.0/i586/dhcp-relay-3.0.7-0.2.C30mdk.i586.rpm 376a2b3929f94a2a2908f0f3ffc8be50 mnf/2.0/i586/dhcp-server-3.0.7-0.2.C30mdk.i586.rpm 7f671665f3b7c2eb2fe912aafe7a669f mnf/2.0/SRPMS/dhcp-3.0.7-0.2.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFKYyl0mqjQ0CJFipgRAhbBAKDW9xz2Ds7/jc4jR7G3IoNH25pWqQCeNI+O 0Faz0uYVSwIKenYV/VVhBaA= =C9vJ -----END PGP SIGNATURE-----