Arch Linux Security Advisory ASA-201803-3 ======================================== Severity: High Date : 2018-03-05 CVE-ID : CVE-2018-5732 Package : dhclient Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-648 Summary ====== The package dhclient before version 4.4.1-1 is vulnerable to denial of service. Resolution ========= Upgrade to 4.4.1-1. # pacman -Syu "dhclient>=4.4.1-1" The problem has been fixed upstream in version 4.4.1. Workaround ========= None. Description ========== An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet. Impact ===== A remote attacker is able to crash the dhclient processes via a crafted DHCP response packet. References ========= https://kb.isc.org/article/AA-01565 https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html ;a=commitdiff;h=c5931725b48b121d232df4ba9e45bc41e0ba114d https://bugs.isc.org/Public/Bug/Display.html?id=47139 https://security.archlinux.org/CVE-2018-5732
ArchLinux: 201803-3: dhclient: denial of service
March 6, 2018
Summary
An out-of-bound memory access flaw was found in the way dhclient processed a DHCP response packet. A malicious DHCP server could potentially use this flaw to crash dhclient processes running on DHCP client machines via a crafted DHCP response packet.
Resolution
Upgrade to 4.4.1-1.
# pacman -Syu "dhclient>=4.4.1-1"
The problem has been fixed upstream in version 4.4.1.
References
https://kb.isc.org/article/AA-01565 https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html ;a=commitdiff;h=c5931725b48b121d232df4ba9e45bc41e0ba114d https://bugs.isc.org/Public/Bug/Display.html?id=47139 https://security.archlinux.org/CVE-2018-5732
Severity
Package : dhclient
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-648
Workaround
None.
News
HOWTOs
Features
About Us
Powered By
