Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

[CVE-2012-2152] dhcpcd 3.2.3 remote stack overflow / denial of service

Related Vulnerabilities: CVE-2012-2152  

Source

Debian Bug report logs - #671265
[CVE-2012-2152] dhcpcd 3.2.3 remote stack overflow / denial of service

version graph

Package: dhcpcd; Maintainer for dhcpcd is Martin-Éric Racine <martin-eric.racine@iki.fi>; Source for dhcpcd is src:dhcpcd (PTS, buildd, popcon).

Reported by: Luciano Bello <luciano@debian.org>

Date: Wed, 2 May 2012 20:09:05 UTC

Severity: important

Tags: patch, security

Fixed in version dhcpcd/1:3.2.3-11

Done: Simon Kelley <simon@thekelleys.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, Simon Kelley <simon@thekelleys.org.uk>:
Bug#671265; Package dhcpcd. (Wed, 02 May 2012 20:09:07 GMT) (full text, mbox, link).

Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Simon Kelley <simon@thekelleys.org.uk>. (Wed, 02 May 2012 20:09:07 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: [CVE-2012-2152] dhcpcd 3.2.3 remote stack overflow / denial of service
Date: Wed, 2 May 2012 22:08:37 +0200
Package: dhcpcd
Severity: important
Tags: security patch

The following vulnerability had been reported against dhcpcd: 
http://www.openwall.com/lists/oss-security/2012/05/02/4

A possible patch can be found in the report.

Please use CVE-2012-2152 for this issue.

Cheers,
luciano

Reply sent to Simon Kelley <simon@thekelleys.org.uk>:
You have taken responsibility. (Fri, 04 May 2012 14:51:17 GMT) (full text, mbox, link).

Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Fri, 04 May 2012 14:51:17 GMT) (full text, mbox, link).

Message #10 received at 671265-close@bugs.debian.org (full text, mbox, reply):

From: Simon Kelley <simon@thekelleys.org.uk>
To: 671265-close@bugs.debian.org
Subject: Bug#671265: fixed in dhcpcd 1:3.2.3-11
Date: Fri, 04 May 2012 14:47:46 +0000
Source: dhcpcd
Source-Version: 1:3.2.3-11

We believe that the bug you reported is fixed in the latest version of
dhcpcd, which is due to be installed in the Debian FTP archive:

dhcpcd_3.2.3-11.diff.gz
  to main/d/dhcpcd/dhcpcd_3.2.3-11.diff.gz
dhcpcd_3.2.3-11.dsc
  to main/d/dhcpcd/dhcpcd_3.2.3-11.dsc
dhcpcd_3.2.3-11_i386.deb
  to main/d/dhcpcd/dhcpcd_3.2.3-11_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 671265@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon Kelley <simon@thekelleys.org.uk> (supplier of updated dhcpcd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 3 May 2012 14:03:12 +0000
Source: dhcpcd
Binary: dhcpcd
Architecture: source i386
Version: 1:3.2.3-11
Distribution: unstable
Urgency: high
Maintainer: Simon Kelley <simon@thekelleys.org.uk>
Changed-By: Simon Kelley <simon@thekelleys.org.uk>
Description: 
 dhcpcd     - DHCP client for automatically configuring IPv4 networking
Closes: 671265
Changes: 
 dhcpcd (1:3.2.3-11) unstable; urgency=high
 .
     * Security fix, remote stack overflow: CVE-2012-2152. (closes: #671265)
Checksums-Sha1: 
 8383f99a7df2c4bf7a8e219b7ea9b34e39faf3c5 949 dhcpcd_3.2.3-11.dsc
 1507f9d9dbfce5389cef254cc6afc5c2d160c3a9 18696 dhcpcd_3.2.3-11.diff.gz
 f93d43a3ed019a1e63cee67b60ffc6e8b50f7f30 49650 dhcpcd_3.2.3-11_i386.deb
Checksums-Sha256: 
 c012b64894c1fb1f56b6fef391124e61dc882d7670fec7a62750c4552a649495 949 dhcpcd_3.2.3-11.dsc
 34af82121257a56ba21b300b6117e9d7cfd5ff12099d7e55d137e58b9caa8261 18696 dhcpcd_3.2.3-11.diff.gz
 bd80722f94582bb606086bc486feb93c43c70784a0eb46f091a796f56eb7fcd7 49650 dhcpcd_3.2.3-11_i386.deb
Files: 
 9af98a3b2703bb50493b24c0a295b509 949 net optional dhcpcd_3.2.3-11.dsc
 53288840b39a6a7fd3ca442804dc1543 18696 net optional dhcpcd_3.2.3-11.diff.gz
 5266304e9a6d2aa579eca25f726da53a 49650 net optional dhcpcd_3.2.3-11_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk+igxYACgkQKPyGmiibgrd4cgCcCYrF+YojnPbyut/Ow5qmaBoC
FFgAn2AgeAzoWJrwox5UQErkucA6IsmH
=K172
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 05 Jun 2012 07:44:10 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Jul 9 11:54:50 2023; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started