Arch Linux: ASA-201803-4 High: DHCP Denial Of Service Alert

Arch Linux Security Advisory ASA-201803-4
========================================
Severity: High
Date    : 2018-03-05
CVE-ID  : CVE-2018-5733
Package : dhcp
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-646

Summary
======
The package dhcp before version 4.4.1-1 is vulnerable to denial of
service.

Resolution
=========
Upgrade to 4.4.1-1.

# pacman -Syu "dhcp>=4.4.1-1"

The problem has been fixed upstream in version 4.4.1.

Workaround
=========
None.

Description
==========
A denial of service flaw was found in the way dhcpd handled reference
counting when processing client requests. A malicious DHCP client could
use this flaw to trigger a reference count overflow on the server side,
potentially causing dhcpd to crash, by sending large amounts of
traffic.

Impact
=====
A remote attacker is able to crash the dhcpd process by sending large
amounts of traffic.

References
=========
https://kb.isc.org/docs/aa-01567
https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
;a=commitdiff;h=197b26f25309f947b97a83b8fdfc414b767798f8

https://security.archlinux.org/CVE-2018-5733