ArchLinux: 201601-7: dhcpcd: denial of service
Summary
- CVE-2016-1503 (denial of service)
An issue has been discovered that can lead to a heap overflow via
malformed dhcp responses later in print_option (via dhcp_envoption1) due
to incorrect option length values.
- CVE-2016-1504 (denial of service)
A malformed dhcp response can lead to an invalid read/crash leading to
denial of service.
Resolution
Upgrade to 6.10.0-1.
# pacman -Syu "dhcpcd>=6.10.0-1"
The problem has been fixed upstream in version 6.10.0.
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1503 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1504
Workaround
None.