- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201606-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: dhcpcd: Multiple vulnerabilities
     Date: June 18, 2016
     Bugs: #571152
       ID: 201606-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in dhcpcd allowing remote attackers to possibly execute arbitrary code or cause a Denial of Service.

Background
==========

A fully featured, yet light weight RFC2131 compliant DHCP client

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcpcd             < 6.10.0                    >= 6.10.0

Description
===========

A heap overflow can be triggered via malformed DHCP responses in the print_option (via dhcp_envoption1) due to incorrect option length values. These vulnerabilities could also allow remote attackers to trigger an invalid read/crash via malformed DHCP responses.

Impact
======

Remote attackers could possibly execute arbitrary code with the privileges of the process or cause Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All dhcpcd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-6.10.0"

References
==========

[ 1 ] CVE-2016-1503
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1503
[ 2 ] CVE-2016-1504
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1504

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201606-07

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

Guido Vranken discovered several vulnerabilities in dhcpcd, a DHCP client, which may result in denial of service. For the oldstable distribution (wheezy), these problems have been fixed .

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3534-1

Arch Linux Security Advisory ASA-201601-7
=========================================

Severity: Medium
Date    : 2016-01-11
CVE-ID  : CVE-2016-1503 CVE-2016-1504
Package : dhcpcd
Type    : denial of service
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package dhcpcd before version 6.10.0-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 6.10.0-1.

# pacman -Syu "dhcpcd>=6.10.0-1"

The problem has been fixed upstream in version 6.10.0.

Workaround
==========

None.

Description
===========

- CVE-2016-1503 (denial of service)

An issue has been discovered that can lead to a heap overflow via malformed dhcp responses later in print_option (via dhcp_envoption1) due to incorrect option length values.

- CVE-2016-1504 (denial of service)

A malformed dhcp response can lead to an invalid read/crash leading to denial of service.

Impact
======

A remote attacker is able to send specially crafted packets leading to application crash resulting in denial of service.

References
==========

https://www.cve.org/CVERecord?id=CVE-2016-1503
https://www.cve.org/CVERecord?id=CVE-2016-1504

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201409-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: dhcpcd: Denial of service
     Date: September 03, 2014
     Bugs: #518596
       ID: 201409-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in dhcpcd can lead to a Denial of Service condition.

Background
==========

dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcpcd              < 6.4.3                     >= 6.4.3

Description
===========

A vulnerability has been discovered in dhcpcd. A malicious dhcp server can set flags as part of the dhcp reply that can cause a Denial of Service condition.

Impact
======

A remote attacker can cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All dhcpcd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-6.4.3"

References
==========

[ 1 ] CVE-2014-6060
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6060

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201409-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  dhcpcd (SSA:2014-213-02)

New dhcpcd packages are available for Slackware 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/dhcpcd-6.0.5-i486-3_slack14.1.txz:  Rebuilt.
  This update fixes a security issue where a specially crafted packet received from a malicious DHCP server causes dhcpcd to enter an infinite loop causing a denial of service.
  Thanks to Tobias Stoeckmann for the bug report.
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/dhcpcd-5.2.12-i486-2_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/dhcpcd-5.2.12-x86_64-2_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/dhcpcd-5.2.12-i486-2_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/dhcpcd-5.2.12-x86_64-2_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dhcpcd-5.5.6-i486-2_slack14.0.txz

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/dhcpcd-6.0.5-i486-3_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/dhcpcd-6.0.5-x86_64-3_slack14.1.txz

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dhcpcd-6.0.5-i486-3_slack14.1.txz

+-----+

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201301-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: dhcpcd: Arbitrary code execution
     Date: January 09, 2013
     Bugs: #362459
       ID: 201301-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability has been found in dhcpcd, allowing remote attackers to execute arbitrary code on the DHCP client.

Background
==========

dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-misc/dhcpcd             < 5.2.12                    >= 5.2.12

Description
===========

A vulnerability has been discovered in dhcpcd. Please review the CVE identifier referenced below for details.

Impact
======

The vulnerability might allow an attacker to execute arbitrary code on the DHCP client.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All dhcpcd users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-5.2.12"

References
==========

[ 1 ] CVE-2011-0996
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0996

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201301-04

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to

It was discovered that dhcpcd, a DHCP client, was vulnerable to a stack overflow. A malformed DHCP message could crash the client, causing a denial of service, and potentially remote code execution through properly designed malicious DHCP packets.

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2498-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  dhcpcd DoS (SSA:2005-255-01)

New dhcpcd packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a minor security issue. The dhcpcd daemon can be tricked into reading past the end of the DHCP buffer by a malicious DHCP server, which causes the dhcpcd daemon to crash and results in a denial of service. Of course, a malicious DHCP server could simply give you an IP address that wouldn't work, too, such as 127.0.0.1, but since people have been asking about this issue, here's a fix, and that's the extent of the impact. In other words, very little real impact.

Even less detail about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:

  https://www.cve.org/CVERecord?id=CAN-2005-1848

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz:  Patched an issue where a remote attacker can cause dhcpcd to crash.
  For more information, see:
    https://www.cve.org/CVERecord?id=CAN-2005-1848
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/dhcpcd-1.3.22pl4-i386-2.tgz

Updated package for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/dhcpcd-1.3.22pl4-i386-2.tgz

Updated package for Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/dhcpcd-1.3.22pl4-i486-2.tgz

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dhcpcd-1.3.22pl4-i486-2.tgz

+-----+