-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:151
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : July 15, 2009
 Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0, Corporate 4.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in ISC DHCP:

 Stack-based buffer overflow in the script_write_params method in
 client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0
 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP
 servers to execute arbitrary code via a crafted subnet-mask option
 (CVE-2009-0692).

 This update provides fixes for this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.
 The verification of md5 checksums and GPG signatures is performed
 automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKXhHnmqjQ0CJFipgRAl2EAJ483PDoMMs4y85H11Vqz/jlhfEGVgCg4hQB
g3VfQivkDBXVmxB5U4dKJOo=
=oGPW
-----END PGP SIGNATURE-----