ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)

                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Michael McNally &lt;mcnally () isc org&gt;

Date: Wed, 26 May 2021 14:15:38 -0800

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On May 26, 2021, we (Internet Systems Consortium) disclosed a
vulnerability affecting our ISC DHCP software:

   CVE-2021-25217: A buffer overrun in lease file parsing code can be
   used to exploit a common vulnerability shared by dhcpd and dhclient
   https://kb.isc.org/docs/cve-2021-25217

New versions of ISC DHCP are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can
find individual vulnerability-specific patches in the "patches" subdirectory
of the release directories for our two stable release branches (4.4 and 4.1-ESV)

  https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches
  https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P1/patches

With the public announcement of this vulnerability, the embargo
period is ended and any updated software packages that have been
prepared may be released.

--

Michael McNally
(for ISC Security Officer)

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217) Michael McNally (May 26)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->