On 31.05.21 12:57, centos@xxxxxxx wrote:
On 22/05/2021 at 06:15, Kenneth Porter wrote:
-------- Forwarded Message --------
Subject: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
Date: Fri, 21 May 2021 11:44:19 -0800
From: Michael McNally <mcnally@xxxxxxx>
To: dhcp-announce@xxxxxxxxxxxxx

Hello, dhcp-announce list subscribers,

It has been a while since our last post to this list.

Since the last time we posted news of a new release of ISC DHCP,
Internet Systems Consortium has adopted a practice of pre-announcing
expected security disclosures in order to give operators who use our
products a little advance warning and planning time.

For that reason, I am writing you today to let you know that a
vulnerability in ISC DHCP will be publicly announced next week on
Wednesday, 26 May 2021.

Further details about that vulnerability will be publicly disclosed next
week, and new releases of ISC DHCP that correct the vulnerability will be
made available at that time. It is our hope that this pre-announcement
will aid DHCP operators in preparing for that disclosure when it occurs.

The released announcement: https://kb.isc.org/docs/cve-2021-25217
Any updates on this? From the announcement I take it that the version
used in C7 (4.2.5) is likely affected - yet there was no update.
Disclaimer: I did not check if upstream has released anything and I did
not check if the preconditions for the crash case are met by the current
package. Nevertheless, the "losing a lease" case is bad enough...
https://access.redhat.com/security/cve/cve-2021-25217
--
Leon