Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

dhcpcd5: CVE-2016-1503: heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values

Related Vulnerabilities: CVE-2016-1503   CVE-2016-1504  

Source

Debian Bug report logs - #810621
dhcpcd5: CVE-2016-1503: heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values

version graph

Package: src:dhcpcd5; Maintainer for src:dhcpcd5 is Scott Leggett <scott@sl.id.au>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 10 Jan 2016 16:30:02 UTC

Severity: important

Tags: fixed-upstream, patch, security, upstream

Found in version dhcpcd5/6.9.3-1

Fixed in version dhcpcd5/6.10.1-1

Done: Jose dos Santos Junior <j.s.junior@live.com>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jose dos Santos Junior <j.s.junior@live.com>:
Bug#810621; Package src:dhcpcd5. (Sun, 10 Jan 2016 16:30:06 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jose dos Santos Junior <j.s.junior@live.com>. (Sun, 10 Jan 2016 16:30:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dhcpcd5: CVE-2016-1503: heap overflow via malformed dhcp responses in print_option (via dhcp_envoption1) due to incorrect option length values
Date: Sun, 10 Jan 2016 17:27:54 +0100
Source: dhcpcd5
Version: 6.9.3-1
Severity: important
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerability was published for dhcpcd5.

CVE-2016-1503[0]:
|heap overflow via malformed dhcp responses in print_option (via
|dhcp_envoption1) due to incorrect option length values

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-1503
[1] http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Reply sent to Jose dos Santos Junior <j.s.junior@live.com>:
You have taken responsibility. (Tue, 05 Apr 2016 17:24:19 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Tue, 05 Apr 2016 17:24:19 GMT) (full text, mbox, link).

Message #10 received at 810621-close@bugs.debian.org (full text, mbox, reply):

From: Jose dos Santos Junior <j.s.junior@live.com>
To: 810621-close@bugs.debian.org
Subject: Bug#810621: fixed in dhcpcd5 6.10.1-1
Date: Tue, 05 Apr 2016 17:20:40 +0000
Source: dhcpcd5
Source-Version: 6.10.1-1

We believe that the bug you reported is fixed in the latest version of
dhcpcd5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 810621@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jose dos Santos Junior <j.s.junior@live.com> (supplier of updated dhcpcd5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 04 Apr 2016 09:58:32 -0300
Source: dhcpcd5
Binary: dhcpcd5
Architecture: source
Version: 6.10.1-1
Distribution: unstable
Urgency: medium
Maintainer: Jose dos Santos Junior <j.s.junior@live.com>
Changed-By: Jose dos Santos Junior <j.s.junior@live.com>
Description:
 dhcpcd5    - DHCPv4, IPv6RA and DHCPv6 client with IPv4LL support
Closes: 791582 799795 810620 810621 813595 815338
Changes:
 dhcpcd5 (6.10.1-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #813595)
   * Fix CVE-2016-1504 invalid read/crash
      via malformed dhcp responses by upstream (Closes: #810620)
   * Fix CVE-2016-1503 heap overflow via malformed
      dhcp responses in print_option (via dhcp_envoption1)
      due to incorrect option length values by upstream (Closes: #810621)
   * d/control:
      - Bump Standards-Version to 3.9.7
   * Fix dhcpcd5 FTBFS on kfreebsd-amd64
      and kfreebsd-i386 by upstream (Closes: #815338)
   * Fix Multiplication of IPv6 addresses by upstream (Closes: #791582)
   * d/rules:
      - Add hardening
   * d/patches:
      - fix-spelling-error for all older files
      - fix-spelling-error-in-manpage for manpage`s
   * d/dhcpcd5.lintian-overrides:
      - Add overrides for spelling error binary false positive
   * recommended revision in your dhcp by upstream (Closes: #799795)
Checksums-Sha1:
 997f1e68b910f1894f7cfe555c9c2fbc7355c521 1705 dhcpcd5_6.10.1-1.dsc
 bb37e0211858df8a919c494e14a6bbfb67b1f72c 180112 dhcpcd5_6.10.1.orig.tar.xz
 360f200aa36d71b1274a9b90ea77b8cda47febf2 6104 dhcpcd5_6.10.1-1.debian.tar.xz
Checksums-Sha256:
 210ec08796f48b01010193772fc11e5225d080747a0656b94589f35b1343ec87 1705 dhcpcd5_6.10.1-1.dsc
 284abf8c3be0580bbac5eaca95359346ab0d78d4072317b6ce87cc68f2e8ae7b 180112 dhcpcd5_6.10.1.orig.tar.xz
 2f8fa37c10fcd76c07cb6cec6048cd20c3c93a893deba78b23c6d15b1e2cd39a 6104 dhcpcd5_6.10.1-1.debian.tar.xz
Files:
 c5255679280a737e39385e6215f58357 1705 net optional dhcpcd5_6.10.1-1.dsc
 a7b83c57f47b62f48373905d3b4f7978 180112 net optional dhcpcd5_6.10.1.orig.tar.xz
 8b19dba9d5838ba1b93a266bffc4871a 6104 net optional dhcpcd5_6.10.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXA/KuAAoJEPNPCXROn13ZkXIQAJlwK2JL7/Y96KlZ8/PIYBye
9SZJ9DdNrgr5xulN2EObpCZ+XOut7uBysSgNtflVFOKCMzrZ+PLNDyUPCwc88FuH
FpYpsfwjGgwB7MRV7HyEoNre8/XoyGaXnlcCkAckPz104jwmjm3Yux5+Yh6ReuOb
vu208cUn/9eae08brwz7swKrmMXONmQE6h6a5kCXV/2wMQLGv+ejFni5726z22FD
WpQtf/revgKJj4qd5z7djtwnaqnStbOuwQopGaq60LroZP3mw86Rg9gnK4W0nVq6
IlxvKl2j1JCyqBw7KGiv6tPuB8SbKZPZIezAiqZNjmTTxRYY51RDS3r/DTnmjVgy
n46OTYvzDDnCs/1GGk2M79ZoU1wXsPazzblVvy6UEO5On6OoBOIySudpXTk3WSEf
Dfo41NMrgNuW5ut9ca2rqnCpu6Kt4WDoG+QCSoEgL9ocodGjqh/hOqt2/nm90gf7
Aiho9+a+YoypaPuh9Fp4eIV57wRz2g8DC1lcecymMYk2vH+J80jQGp3ooP/F9hRq
Pou55tD779IU/f3Ms7i1No2NW+eLFfz3BDRptOXgRDlPIV2G+MrKZE37OSkB1z6D
HeZoauTuXP3S7olF6gafVOqiETcASoaVzkUQ7H5PwriIuBZ9vkZv4mT7C81PrRvg
T0+zx7pguEr9UtaJubob
=62bK
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 09 May 2016 07:26:21 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:29:31 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started