Slackware: 2011-097-01 Critical: DHCP Attack Prevention

April 7, 2011
Updated DHCP packages released to address a security vulnerability affecting multiple versions of Slackware.
New dhcp packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.

Summary

Here are the details from the Slackware 13.1 ChangeLog:

patches/packages/dhcp-4.1_ESV_R2-i486-1_slack13.1.txz: Upgraded.
In dhclient, check the data for some string options for reasonableness before passing it along to the script that interfaces with the OS. This prevents some possible attacks by a hostile DHCP server.
For more information, see: https://www.cve.org/CVERecord?id=CVE-2011-0997
(* Security fix *)
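The ChangeLog entry describes dhclient checking string options for reasonableness before handing them to the script that interfaces with the OS. A sketch of that kind of check follows as an added example; it is not the ISC patch or code from this advisory, and the function name, the length limits and the strict DNS-name rule are assumptions:

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN  255   /* longest DNS name */
#define MAX_LABEL_LEN 63    /* longest single DNS label */

/* Hypothetical helper, not ISC's code: return 1 if a DHCP string option
 * (e.g. host-name, domain-name) is a plausible DNS name, else 0.
 * Takes (pointer, length) because DHCP option data is length-prefixed
 * and may carry embedded NUL bytes that strlen() would hide. */
int option_name_is_reasonable(const unsigned char *data, size_t len)
{
    size_t i, label_len = 0;

    if (data == NULL || len == 0 || len > MAX_NAME_LEN)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = data[i];

        if (c == '.') {
            /* Reject empty labels and labels that end in '-'. */
            if (label_len == 0 || data[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        /* ASCII letters, digits and non-leading '-' only: whitespace,
         * quotes, NUL and shell metacharacters all fail here. */
        if (c > 127 || !(isalnum(c) || (c == '-' && label_len > 0)))
            return 0;
        if (++label_len > MAX_LABEL_LEN)
            return 0;
    }
    return data[len - 1] != '-';   /* one trailing '.' is allowed */
}

int main(void)
{
    /* Constructed sample values, as a server might send them. */
    static const char *samples[] = { "ws7.example.org", "ws7;x", "a..b" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s %s\n", samples[i], option_name_is_reasonable(
            (const unsigned char *)samples[i], strlen(samples[i]))
            ? "pass to script" : "drop option");
    return 0;
}
```

An allow-list like this fails closed: a value that does not parse as a name is dropped rather than escaped, so the script never sees it.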

Where to Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/dhcp-3.1_ESV_R1-i386-1_slack9.0.tgz
Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/dhcp-3.1_ESV_R1-i486-1_slack9.1.tgz
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/dhcp-3.1_ESV_R1-i486-1_slack10.0.tgz
Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches...

MD5 Signatures


Installation Instructions

Upgrade the package as root:

# upgradepkg dhcp-4.1_ESV_R2-i486-1_slack13.1.txz
