ArchLinux: 201803-4: dhcp: denial of service
Summary
A denial of service flaw was found in the way dhcpd handled reference counting when processing client requests. A malicious DHCP client could use this flaw to trigger a reference count overflow on the server side, potentially causing dhcpd to crash, by sending large amounts of traffic.
Resolution
Upgrade to 4.4.1-1.
# pacman -Syu "dhcp>=4.4.1-1"
The problem has been fixed upstream in version 4.4.1.
References
https://kb.isc.org/docs/aa-01567 https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html ;a=commitdiff;h=197b26f25309f947b97a83b8fdfc414b767798f8 https://bugs.isc.org/Public/Bug/Display.html?id=47140 https://security.archlinux.org/CVE-2018-5733
Workaround
None.