Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201601-7 ======================================== Severity: Medium Date : 2016-01-11 CVE-ID : CVE-2016-1503 CVE-2016-1504 Package : dhcpcd Type : denial of service Remote : Yes Link : https://wiki.archlinux.org/title/CVE Summary ====== The package dhcpcd before version 6.10.0-1 is vulnerable to denial of service. Resolution ========= Upgrade to 6.10.0-1. # pacman -Syu "dhcpcd>=6.10.0-1" The problem has been fixed upstream in version 6.10.0. Workaround ========= None. Description ========== - CVE-2016-1503 (denial of service) An issue has been discovered that can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values. - CVE-2016-1504 (denial of service) A malformed dhcp response can lead to an invalid read/crash leading to denial of service. Impact ===== A remote attacker is able to send specially crafted packets leading to application crash resulting in denial of service. References ========= https://www.cve.org/CVERecord?id=CVE-2016-1503 https://www.cve.org/CVERecord?id=CVE-2016-1504