-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:114 http://www.mandriva.com/security/ _______________________________________________________________________ Package : dhcp Date : June 11, 2010 Affected: 2009.1, 2010.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in dhcp: ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID (CVE-2010-2156). The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2156 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: ca0e18771bae325324d45f8c881957b4 2009.1/i586/dhcp-client-4.1.0-5.6mdv2009.1.i586.rpm d2821b6d3c4b9a2d885d91a80d885f5e 2009.1/i586/dhcp-common-4.1.0-5.6mdv2009.1.i586.rpm be0312249bd3d4aa6abe3e7bba250ffd 2009.1/i586/dhcp-devel-4.1.0-5.6mdv2009.1.i586.rpm 56ef4ebe348a6c029dd31a04405c0be9 2009.1/i586/dhcp-doc-4.1.0-5.6mdv2009.1.i586.rpm c397f3ded9ec7ff7c4c6fb0f05694aaf 2009.1/i586/dhcp-relay-4.1.0-5.6mdv2009.1.i586.rpm c348f093fbe6fd618493315bb21ee0e4 2009.1/i586/dhcp-server-4.1.0-5.6mdv2009.1.i586.rpm b37e34eebb02721497899b73f2091fa4 2009.1/SRPMS/dhcp-4.1.0-5.6mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: dd463d2c5d4bb3866f65faac52b86825 2009.1/x86_64/dhcp-client-4.1.0-5.6mdv2009.1.x86_64.rpm b4ab08a52f677d9154197361bb3beb71 2009.1/x86_64/dhcp-common-4.1.0-5.6mdv2009.1.x86_64.rpm 465ccd781073d4acd1820dfbe354d2c5 2009.1/x86_64/dhcp-devel-4.1.0-5.6mdv2009.1.x86_64.rpm 9479f7bb5755991cba4fe42a5762929f 2009.1/x86_64/dhcp-doc-4.1.0-5.6mdv2009.1.x86_64.rpm 4f07bb126d71a42bd4605817a6342e0f 2009.1/x86_64/dhcp-relay-4.1.0-5.6mdv2009.1.x86_64.rpm 17ac7274866aba46a64f39193516d527 2009.1/x86_64/dhcp-server-4.1.0-5.6mdv2009.1.x86_64.rpm b37e34eebb02721497899b73f2091fa4 2009.1/SRPMS/dhcp-4.1.0-5.6mdv2009.1.src.rpm Mandriva Linux 2010.0: 28f36037b4f4175aac2aa8c54db0230c 2010.0/i586/dhcp-client-4.1.0p1-2.4mdv2010.0.i586.rpm d5926e37a24c74a6f23aeb33f3311fd4 2010.0/i586/dhcp-common-4.1.0p1-2.4mdv2010.0.i586.rpm e763e2e523dcdc07499c3617bccf3377 2010.0/i586/dhcp-devel-4.1.0p1-2.4mdv2010.0.i586.rpm 7454f1929d461ae1473e5f083c906be9 2010.0/i586/dhcp-doc-4.1.0p1-2.4mdv2010.0.i586.rpm 1a9d158430198c933bbc6f3a4a9c3fbe 2010.0/i586/dhcp-relay-4.1.0p1-2.4mdv2010.0.i586.rpm 59c94ecf403cf53a5f25a88377977409 2010.0/i586/dhcp-server-4.1.0p1-2.4mdv2010.0.i586.rpm 4406b97779a93db5e62609e8a847af2d 2010.0/SRPMS/dhcp-4.1.0p1-2.4mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 8eb8a46bdc51c5d8ef6b1f080d371dbb 2010.0/x86_64/dhcp-client-4.1.0p1-2.4mdv2010.0.x86_64.rpm 2fb5ca5e007b7b70bbaabf29a50a68f6 2010.0/x86_64/dhcp-common-4.1.0p1-2.4mdv2010.0.x86_64.rpm f808f1b130b73880aa2692f01e6d63d9 2010.0/x86_64/dhcp-devel-4.1.0p1-2.4mdv2010.0.x86_64.rpm c892404112bf109541ddfd22d0a904db 2010.0/x86_64/dhcp-doc-4.1.0p1-2.4mdv2010.0.x86_64.rpm 6a11b5dd6f0b764bd8bea7287c72b27d 2010.0/x86_64/dhcp-relay-4.1.0p1-2.4mdv2010.0.x86_64.rpm b9fd585ed151638c822610c474c288bb 2010.0/x86_64/dhcp-server-4.1.0p1-2.4mdv2010.0.x86_64.rpm 4406b97779a93db5e62609e8a847af2d 2010.0/SRPMS/dhcp-4.1.0p1-2.4mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMEgRYmqjQ0CJFipgRAtKfAJ49Y82PyYgsJdrlkNTJbyha4rH0QwCdHgxB GaSAf/bABHAXQ3UVRzkx8o0= =bg0v -----END PGP SIGNATURE-----