Scientific Linux SL6: SLSA-2018-1454-1 Critical dhcp Command Injection

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Scientific Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protoc [More...]

Synopsis:          Critical: dhcp security update
Advisory ID:       SLSA-2018:1454-1
Issue Date:        2018-05-15
CVE Numbers:       CVE-2018-1111
--

Security Fix(es):

* A command injection flaw was found in the NetworkManager integration
script included in the DHCP client packages in Scientific Linux. A
malicious DHCP server, or an attacker on the local network able to spoof
DHCP responses, could use this flaw to execute arbitrary commands with
root privileges on systems using NetworkManager and configured to obtain
network configuration using the DHCP protocol. (CVE-2018-1111)
--

SL6
  x86_64
    dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm
  i386
    dhclient-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-4.1.1-53.P1.el6_9.4.i686.rpm
    dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm

- Scientific Linux Development Team