Re: Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021




On 31.05.21 12:57, centos@xxxxxxx wrote:
On 22/05/2021 at 06:15, Kenneth Porter wrote:

-------- Forwarded Message --------
Subject:     Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
Date:     Fri, 21 May 2021 11:44:19 -0800
From:     Michael McNally <mcnally@xxxxxxx>
To:     dhcp-announce@xxxxxxxxxxxxx



Hello, dhcp-announce list subscribers,

It has been a while since our last post to this list.

Since the last time we posted news of a new release of ISC DHCP,
Internet Systems Consortium has adopted a practice of pre-announcing
expected security disclosures in order to give operators who use our
products a little advance warning and planning time.

For that reason, I am writing you today to let you know that a vulnerability in ISC DHCP will be publicly announced next week on Wednesday, 26 May 2021.

Further details about that vulnerability will be publicly disclosed next
week, and new releases of ISC DHCP that correct the vulnerability will be
made available at that time. It is our hope that this pre-announcement will
aid DHCP operators in preparing for that disclosure when it occurs.

The released announcement: https://kb.isc.org/docs/cve-2021-25217

Any updates on this? From the announcement I take it that the version used in C7 (4.2.5) is likely affected - yet there was no update.

Disclaimer: I did not check if upstream has released anything and I did not check if the preconditions for the crash case are met by the current package. Nevertheless, the "losing a lease" case is bad enough...



https://access.redhat.com/security/cve/cve-2021-25217


--
Leon

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



