-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:226 http://www.mandriva.com/security/ _______________________________________________________________________ Package : dhcp Date : November 10, 2010 Affected: 2009.1, 2010.0, 2010.1 _______________________________________________________________________ Problem Description: A vulnerability was discovered and corrected in ISC dhcp: ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before 4.2.0-P1 allows remote attackers to cause a denial of service (crash) via a DHCPv6 packet containing a Relay-Forward message without an address in the Relay-Forward link-address field (CVE-2010-3611). The updated packages have been upgraded to 4.1.2 which is not vulnerable to this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3611 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: 8ded7998e798f54c031ffe45a0fb76f6 2009.1/i586/dhcp-client-4.1.2-0.1mdv2009.1.i586.rpm c8d3449949bdb12058f388310ac73ac0 2009.1/i586/dhcp-common-4.1.2-0.1mdv2009.1.i586.rpm dc075f58d11682203f51297c5b360c2c 2009.1/i586/dhcp-devel-4.1.2-0.1mdv2009.1.i586.rpm 5ce2bbed0207c185cbe0170c6abdba5f 2009.1/i586/dhcp-doc-4.1.2-0.1mdv2009.1.i586.rpm 69f43ea4a05aedaaf809c8ccff68156c 2009.1/i586/dhcp-relay-4.1.2-0.1mdv2009.1.i586.rpm 437ee9bccc54a45d6b1dd6eb23f39af9 2009.1/i586/dhcp-server-4.1.2-0.1mdv2009.1.i586.rpm 3c2da5a436f72de695cefd65b18cd547 2009.1/SRPMS/dhcp-4.1.2-0.1mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 77d56091ab3a3b90e1f92937e9bb6955 2009.1/x86_64/dhcp-client-4.1.2-0.1mdv2009.1.x86_64.rpm 13616a15ec6b187a8b1692194d66351a 2009.1/x86_64/dhcp-common-4.1.2-0.1mdv2009.1.x86_64.rpm 0138ff116b25c9a9117f54a3a92f33c3 2009.1/x86_64/dhcp-devel-4.1.2-0.1mdv2009.1.x86_64.rpm 8574b0587437b62a14c812a2c7a33aba 2009.1/x86_64/dhcp-doc-4.1.2-0.1mdv2009.1.x86_64.rpm d1ed416ea679bb4437e53f769ab1d68f 2009.1/x86_64/dhcp-relay-4.1.2-0.1mdv2009.1.x86_64.rpm 64e10a176668bb778194ebd2d9d5a691 2009.1/x86_64/dhcp-server-4.1.2-0.1mdv2009.1.x86_64.rpm 3c2da5a436f72de695cefd65b18cd547 2009.1/SRPMS/dhcp-4.1.2-0.1mdv2009.1.src.rpm Mandriva Linux 2010.0: 903f10812f23512df8895d068eff3975 2010.0/i586/dhcp-client-4.1.2-0.1mdv2010.0.i586.rpm 915ccd834aea02f6f2063463d1cfffd5 2010.0/i586/dhcp-common-4.1.2-0.1mdv2010.0.i586.rpm 42a8c93e13370a2f52e7035dcfa73334 2010.0/i586/dhcp-devel-4.1.2-0.1mdv2010.0.i586.rpm 27d2e196a28e8221e90597d697a8bfdb 2010.0/i586/dhcp-doc-4.1.2-0.1mdv2010.0.i586.rpm cc27b55695952677b6f1edf37fa20517 2010.0/i586/dhcp-relay-4.1.2-0.1mdv2010.0.i586.rpm 8c3f88eeb112c3d25b892ebe6ae670b1 2010.0/i586/dhcp-server-4.1.2-0.1mdv2010.0.i586.rpm 4c67a5d3c889b878d8129d3dca4999c8 2010.0/SRPMS/dhcp-4.1.2-0.1mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 81d8694f3b3f8f129aac04ffbcd86cf1 2010.0/x86_64/dhcp-client-4.1.2-0.1mdv2010.0.x86_64.rpm 1ee211daf3292f281577a55dffcfab45 2010.0/x86_64/dhcp-common-4.1.2-0.1mdv2010.0.x86_64.rpm 42c5e9f44117f275dc7ae5b6b1a2a5a3 2010.0/x86_64/dhcp-devel-4.1.2-0.1mdv2010.0.x86_64.rpm 18c1acbc00ad3b96e13ff7cf499242c5 2010.0/x86_64/dhcp-doc-4.1.2-0.1mdv2010.0.x86_64.rpm ede58d17894f09d4caf94a7fa3db4476 2010.0/x86_64/dhcp-relay-4.1.2-0.1mdv2010.0.x86_64.rpm 1a578667e1225e8d1494682667965c7e 2010.0/x86_64/dhcp-server-4.1.2-0.1mdv2010.0.x86_64.rpm 4c67a5d3c889b878d8129d3dca4999c8 2010.0/SRPMS/dhcp-4.1.2-0.1mdv2010.0.src.rpm Mandriva Linux 2010.1: d6f9ed6e9ae1cb22c7ea80cdeeaaeda1 2010.1/i586/dhcp-client-4.1.2-0.1mdv2010.1.i586.rpm 4320e7b882da1f57111d94925b48b6c3 2010.1/i586/dhcp-common-4.1.2-0.1mdv2010.1.i586.rpm 208448b7b346eaf6d30044a570427a45 2010.1/i586/dhcp-devel-4.1.2-0.1mdv2010.1.i586.rpm 54fcd61586984f825842a40ebeb17c54 2010.1/i586/dhcp-doc-4.1.2-0.1mdv2010.1.i586.rpm c859b4eb9f7b4a7f01fee0a0267b14f4 2010.1/i586/dhcp-relay-4.1.2-0.1mdv2010.1.i586.rpm 1e36ecc067937b23271d503f3a76e21e 2010.1/i586/dhcp-server-4.1.2-0.1mdv2010.1.i586.rpm 24862cb48b62437378aadc11f95aaf22 2010.1/SRPMS/dhcp-4.1.2-0.1mdv2010.1.src.rpm Mandriva Linux 2010.1/X86_64: fb27e016fd9aa6222ad3c6a0f3081194 2010.1/x86_64/dhcp-client-4.1.2-0.1mdv2010.1.x86_64.rpm d9badcccc61aaedbc3ed65958f7d7cdc 2010.1/x86_64/dhcp-common-4.1.2-0.1mdv2010.1.x86_64.rpm 5516227c03670cdcdc49e15435d1f604 2010.1/x86_64/dhcp-devel-4.1.2-0.1mdv2010.1.x86_64.rpm 8751bd29904fd1966df5c93c6c261482 2010.1/x86_64/dhcp-doc-4.1.2-0.1mdv2010.1.x86_64.rpm 01c4fe657f0b6b472b2981de5b0a0ad7 2010.1/x86_64/dhcp-relay-4.1.2-0.1mdv2010.1.x86_64.rpm 5e0a5c35f7bab109ecbeddf474496965 2010.1/x86_64/dhcp-server-4.1.2-0.1mdv2010.1.x86_64.rpm 24862cb48b62437378aadc11f95aaf22 2010.1/SRPMS/dhcp-4.1.2-0.1mdv2010.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFM2rWjmqjQ0CJFipgRAliCAKDCLltDs3aQoCbQoY8g8jJ+ZxMw5gCgkRgJ mIdAAYScJMwSiAY2lyJvARA= =eKH9 -----END PGP SIGNATURE-----