[CVE-2011-4539] DoS with regular expressions in dhcpd.conf


Debian Bug report logs - #652259
[CVE-2011-4539] DoS with regular expressions in dhcpd.conf


Reported by: Florian Weimer <fw@deneb.enyo.de>

Date: Thu, 15 Dec 2011 18:30:01 UTC

Severity: important

Tags: fixed-upstream, security, upstream

Found in versions 4.1.1-P1-15, 4.1.1-P1-15+squeeze3

Fixed in version isc-dhcp/4.2.2.dfsg.1-5

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#652259; Package isc-dhcp. (Thu, 15 Dec 2011 18:30:04 GMT) (full text, mbox, link).


Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>:
New Bug report received and forwarded. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Thu, 15 Dec 2011 18:30:04 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Florian Weimer <fw@deneb.enyo.de>
To: submit@bugs.debian.org
Subject: [CVE-2011-4539] DoS with regular expressions in dhcpd.conf
Date: Thu, 15 Dec 2011 19:27:14 +0100
Package: isc-dhcp
Version: 4.1.1-P1-15+squeeze3
Tags: security upstream fixed-upstream
Severity: important

A security bug in dhcpd has been disclosed:

| dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4
| does not properly handle regular expressions in dhcpd.conf, which
| allows remote attackers to cause a denial of service (daemon crash)
| via a crafted request packet.

<https://www.isc.org/software/dhcp/advisories/cve-2011-4539>

I'm not sure if this warrants a DSA on its own.




Marked as found in versions 4.1.1-P1-15. Request was from Jonathan Wiltshire <jmw@debian.org> to control@bugs.debian.org. (Sun, 18 Mar 2012 22:48:08 GMT) (full text, mbox, link).


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sat, 28 Apr 2012 20:51:07 GMT) (full text, mbox, link).


Notification sent to Florian Weimer <fw@deneb.enyo.de>:
Bug acknowledged by developer. (Sat, 28 Apr 2012 20:51:08 GMT) (full text, mbox, link).


Message #12 received at 652259-close@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: 652259-close@bugs.debian.org
Subject: Bug#652259: fixed in isc-dhcp 4.2.2.dfsg.1-5
Date: Sat, 28 Apr 2012 20:47:26 +0000
Source: isc-dhcp
Source-Version: 4.2.2.dfsg.1-5

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive:

isc-dhcp-client-dbg_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-client-dbg_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-client-udeb_4.2.2.dfsg.1-5_amd64.udeb
  to main/i/isc-dhcp/isc-dhcp-client-udeb_4.2.2.dfsg.1-5_amd64.udeb
isc-dhcp-client_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-client_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-common_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-common_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-dev_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-dev_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-relay-dbg_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-relay-dbg_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-relay_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-relay_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-server-dbg_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-server-dbg_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-server-ldap_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-server-ldap_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp-server_4.2.2.dfsg.1-5_amd64.deb
  to main/i/isc-dhcp/isc-dhcp-server_4.2.2.dfsg.1-5_amd64.deb
isc-dhcp_4.2.2.dfsg.1-5.debian.tar.gz
  to main/i/isc-dhcp/isc-dhcp_4.2.2.dfsg.1-5.debian.tar.gz
isc-dhcp_4.2.2.dfsg.1-5.dsc
  to main/i/isc-dhcp/isc-dhcp_4.2.2.dfsg.1-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 652259@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 28 Apr 2012 16:00:49 -0400
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg
Architecture: source amd64
Version: 4.2.2.dfsg.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 isc-dhcp-client - ISC DHCP client
 isc-dhcp-client-dbg - ISC DHCP client (debugging symbols)
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all the isc-dhcp* packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols)
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug)
 isc-dhcp-server-ldap - DHCP server able to use LDAP as backend
Closes: 151820 652259 655746
Changes: 
 isc-dhcp (4.2.2.dfsg.1-5) unstable; urgency=medium
 .
   [ Andrew Pollock ]
   * debian/dhclient.conf: send the hostname (closes: #151820)
 .
   [ Michael Gilbert ]
   * Fix cve-2011-4868: error in DDNS handling with IPv6 (closes: #655746)
   * Fix cve-2011-4539: error in regular expression handling
     (closes: #652259)
   * Make dependencies diff-able
   * Add myself to uploaders
   * Remove all automatically generated files in clean rule
   * Medium urgency for security updates
Package-Type: udeb






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 01 Jun 2012 07:43:37 GMT) (full text, mbox, link).


Bug unarchived. Request was from jmw@debian.org to control@bugs.debian.org. (Sat, 07 Jul 2012 23:18:10 GMT) (full text, mbox, link).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#652259; Package isc-dhcp. (Sun, 08 Jul 2012 09:45:16 GMT) (full text, mbox, link).


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Sun, 08 Jul 2012 09:45:22 GMT) (full text, mbox, link).


Message #21 received at 652259@bugs.debian.org (full text, mbox, reply):

From: Jonathan Wiltshire <jmw@debian.org>
To: 652259@bugs.debian.org
Subject: Re: [CVE-2011-4539] DoS with regular expressions in dhcpd.conf
Date: Sun, 08 Jul 2012 09:11:28 -0000
Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/652259/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 06 Aug 2012 07:32:28 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:01:04 2019; Machine Name: buxtehude
