isc-dhcp: CVE-2015-8605: UDP payload length not properly checked

Related Vulnerabilities: CVE-2015-8605  

Debian Bug report logs - #810875


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 13 Jan 2016 05:51:05 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version isc-dhcp/4.1.1-P1-15

Fixed in versions isc-dhcp/4.2.2.dfsg.1-5+deb70u8, isc-dhcp/4.3.1-6+deb8u2, isc-dhcp/4.3.3-7

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#810875; Package src:isc-dhcp. (Wed, 13 Jan 2016 05:51:09 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Wed, 13 Jan 2016 05:51:09 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: isc-dhcp: CVE-2015-8605: UDP payload length not properly checked
Date: Wed, 13 Jan 2016 06:47:22 +0100
Source: isc-dhcp
Version: 4.1.1-P1-15
Severity: grave
Tags: security upstream fixed-upstream

Hi,

(filing so that we have a reference from the BTS)

the following vulnerability was published for isc-dhcp.

CVE-2015-8605[0]:
UDP payload length not properly checked

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8605
[1] https://kb.isc.org/article/AA-01334

Regards,
Salvatore



Marked as fixed in versions isc-dhcp/4.2.2.dfsg.1-5+deb70u8. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 13 Jan 2016 12:57:06 GMT)


Marked as fixed in versions isc-dhcp/4.3.1-6+deb8u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 13 Jan 2016 12:57:07 GMT)


Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sun, 31 Jan 2016 03:54:12 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 31 Jan 2016 03:54:12 GMT)


Message #14 received at 810875-close@bugs.debian.org:

From: Michael Gilbert <mgilbert@debian.org>
To: 810875-close@bugs.debian.org
Subject: Bug#810875: fixed in isc-dhcp 4.3.3-7
Date: Sun, 31 Jan 2016 03:50:59 +0000
Source: isc-dhcp
Source-Version: 4.3.3-7

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810875@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 31 Jan 2016 01:31:59 +0000
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb isc-dhcp-relay
Architecture: source
Version: 4.3.3-7
Distribution: unstable
Urgency: medium
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
 isc-dhcp-client - DHCP client for automatically obtaining an IP address
 isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all of the isc-dhcp packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Closes: 648401 800914 810875 812525
Changes:
 isc-dhcp (4.3.3-7) unstable; urgency=medium
 .
   * Migrate to dbgsym debug packages.
   * Fix spelling error in changelog entry.
   * Include LDFLAGS in all calls to configure.
   * Fix relaying return packets (closes: #648401).
     - Thanks to Steinar H. Gunderson.
   * Fix cross-architecture building (closes: #812525).
     - Thanks to Helmut Grohne.
   * Initialize exit status in dhclient-script (closes: #800914).
   * Fix CVE-2015-8605: maliciously crafted IPv4 packet can cause any of the
     running DHCP applications to crash (closes: #810875).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 28 Feb 2016 07:48:01 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:51:46 2019; Machine Name: beach
