Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Debian LTS: DLA-1313-1 Critical isc-dhcp Out-of-Bounds Access Issue

debian lts
Calendar Grey March 22, 2018
Dist Debian Esm H88
The ISC DHCP update addresses several vulnerabilities affecting both client and server operations, which are vital for Debian environments.
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server

Summary

CVE-2018-5732

Felix Wilhelm of the Google Security Team discovered that the DHCP
client is prone to an out-of-bound memory access vulnerability when
processing specially constructed DHCP options responses, resulting
in potential execution of arbitrary code by a malicious DHCP server.

CVE-2018-5733

Felix Wilhelm of the Google Security Team discovered that the DHCP
server does not properly handle reference counting when processing
client requests. A malicious client can take advantage of this flaw
to cause a denial of service (dhcpd crash) by sending large amounts
of traffic.


For Debian 7 "Wheezy", these problems have been fixed in version
4.2.2.dfsg.1-5+deb70u9.

We recommend that you upgrade your isc-dhcp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: isc-dhcp
Version: 4.2.2.dfsg.1-5+deb70u9
CVE ID: CVE-2018-5732 CVE-2018-5733

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here