isc-dhcp: two denial-of-service issues

Related Vulnerabilities: CVE-2011-2748, CVE-2011-2749

Debian Bug report logs - #638404


Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Fri, 19 Aug 2011 03:54:01 UTC

Severity: important

Tags: security

Found in version 4.1.1-P1-17

Fixed in version isc-dhcp/4.2.2-1

Done: Andrew Pollock <apollock@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>:
Bug#638404; Package isc-dhcp. (Fri, 19 Aug 2011 03:54:04 GMT).


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>. (Fri, 19 Aug 2011 03:54:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: isc-dhcp: two denial-of-service issues
Date: Thu, 18 Aug 2011 23:55:58 -0400
Package: isc-dhcp
Version: 4.1.1-P1-17
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for isc-dhcp.

CVE-2011-2748[0]:
| The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
| 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to
| cause a denial of service (daemon exit) via a crafted DHCP packet.

CVE-2011-2749[1]:
| The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before
| 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to
| cause a denial of service (daemon exit) via a crafted BOOTP packet.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2748
    http://security-tracker.debian.org/tracker/CVE-2011-2748
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2749
    http://security-tracker.debian.org/tracker/CVE-2011-2749




Added tag(s) pending. Request was from Andrew Pollock <apollock@debian.org> to control@bugs.debian.org. (Wed, 24 Aug 2011 05:51:03 GMT).


Reply sent to Andrew Pollock <apollock@debian.org>:
You have taken responsibility. (Tue, 27 Sep 2011 09:23:40 GMT).


Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Tue, 27 Sep 2011 09:23:49 GMT).


Message #12 received at 638404-close@bugs.debian.org:

From: Andrew Pollock <apollock@debian.org>
To: 638404-close@bugs.debian.org
Subject: Bug#638404: fixed in isc-dhcp 4.2.2-1
Date: Tue, 27 Sep 2011 09:18:03 +0000
Source: isc-dhcp
Source-Version: 4.2.2-1

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive:

dhcp3-client_4.2.2-1_all.deb
  to main/i/isc-dhcp/dhcp3-client_4.2.2-1_all.deb
dhcp3-common_4.2.2-1_all.deb
  to main/i/isc-dhcp/dhcp3-common_4.2.2-1_all.deb
dhcp3-dev_4.2.2-1_all.deb
  to main/i/isc-dhcp/dhcp3-dev_4.2.2-1_all.deb
dhcp3-relay_4.2.2-1_all.deb
  to main/i/isc-dhcp/dhcp3-relay_4.2.2-1_all.deb
dhcp3-server_4.2.2-1_all.deb
  to main/i/isc-dhcp/dhcp3-server_4.2.2-1_all.deb
isc-dhcp-client-dbg_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-client-dbg_4.2.2-1_i386.deb
isc-dhcp-client-udeb_4.2.2-1_i386.udeb
  to main/i/isc-dhcp/isc-dhcp-client-udeb_4.2.2-1_i386.udeb
isc-dhcp-client_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-client_4.2.2-1_i386.deb
isc-dhcp-common_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-common_4.2.2-1_i386.deb
isc-dhcp-dev_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-dev_4.2.2-1_i386.deb
isc-dhcp-relay-dbg_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-relay-dbg_4.2.2-1_i386.deb
isc-dhcp-relay_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-relay_4.2.2-1_i386.deb
isc-dhcp-server-dbg_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-server-dbg_4.2.2-1_i386.deb
isc-dhcp-server-ldap_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-server-ldap_4.2.2-1_i386.deb
isc-dhcp-server_4.2.2-1_i386.deb
  to main/i/isc-dhcp/isc-dhcp-server_4.2.2-1_i386.deb
isc-dhcp_4.2.2-1.diff.gz
  to main/i/isc-dhcp/isc-dhcp_4.2.2-1.diff.gz
isc-dhcp_4.2.2-1.dsc
  to main/i/isc-dhcp/isc-dhcp_4.2.2-1.dsc
isc-dhcp_4.2.2.orig.tar.gz
  to main/i/isc-dhcp/isc-dhcp_4.2.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 638404@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andrew Pollock <apollock@debian.org> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sun, 28 Aug 2011 22:12:21 -0700
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg dhcp3-server dhcp3-client dhcp3-relay dhcp3-common dhcp3-dev
Architecture: source i386 all
Version: 4.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-devel@lists.alioth.debian.org>
Changed-By: Andrew Pollock <apollock@debian.org>
Description: 
 dhcp3-client - ISC DHCP client (transitional package)
 dhcp3-common - ISC DHCP common files (transitional package)
 dhcp3-dev  - ISC DHCP development files (transitional package)
 dhcp3-relay - ISC DHCP relay (transitional package)
 dhcp3-server - ISC DHCP server (transitional package)
 isc-dhcp-client - ISC DHCP client
 isc-dhcp-client-dbg - ISC DHCP client (debugging symbols)
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all the isc-dhcp* packages
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols)
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug)
 isc-dhcp-server-ldap - DHCP server able to use LDAP as backend
Closes: 236001 246155 521024 565650 590158 613734 614992 616417 628372 629632 630519 632888 638267 638404
Changes: 
 isc-dhcp (4.2.2-1) unstable; urgency=low
 .
   * New upstream release, includes security fixes for CVE-2011-2748 and
     CVE-2011-2749 (closes: #638404)
   * Remove obsolete patches, refit remaining patches
   * Remove LDAP patch, it's finally upstream now (yay!)
   * debian/rules: adjust double build for the non-existence of the LDAP patch
   * debian/isc-dhcp-server-ldap.docs: update for new location of documentation
   * debian/rules: added build-arch and build-indep targets
   * debian/rules: applied patch from Kees Cook to call dh_link (closes: #614992)
   * debian/dhclient-script.linux: applied patch from Colin Watson to make
     dhclient-script support stateless DHCPv6 (closes: #632888)
   * debian/dhclient-script.linux: fix regression for MTU <= 576 handling
     (closes: #638267)
   * Apply patch from Peter Marschall to split the rfc3442-classless-routes hook
     into a Linux and a kFreeBSD variant, so that the Linux one can use iproute
     (closes: #630519)
   * debian/isc-dhcp-server.postinst: apply patch from Peter Marschall to
     document new variables in /etc/default/isc-dhcp-server
   * debian/isc-dhcp-server.init.d: apply patch from Peter Marschall to
     - make the name of the default file configurable
     - make the name of the server configuration file configurable (closes:
       #590158, #565650)
     - allow passing additional options to dhcpd (closes: #613734)
     - read PID from config file
   * Add Catalan debconf template translation (closes: #628372)
   * debian/isc-dhcp-client,dhcp3-client}.links: apply patch from Peter
     Marschall to move old compatibility links to the old compatibility package
     (closes: #614992)
   * debian/isc-dhcp-server.postinst: apply patch from Peter Marschall to fix
     comment in /etc/default/isc-dhcp-server (closes: #616417)
   * debian/control: apply patch from Peter Marschall to add a Provides:
     dhcp-client to isc-dhcp-client (closes: #236001)
   * debian/dhclient-script.{linux,kfreebsd}: apply patch from Peter Marschall
     to fix metric calculation (closes: #629632)
   * debian/dhclient-script.linux: apply patches from Peter Marschall to support
     IPv6 link-local resolvers
   * debian/dhclient-script.{linux,kfreebsd}: applied patch from Peter Marschall
     to factor out the hostname setting to a separate function
   * debian/dhclient-script.{linux,kfreebsd}: applied patch from Peter Marschall
     to harmonize the logic for setting the hostname (closes: #246155)
   * apply patch from Peter Marschall to use one common script for the debug
     hooks
   * debian/rfc3442-classless-routes.{linux,kfreebsd}: applied patch from Peter
     Marschall to take care of link-local routes (closes: #521024)
   * debian/dhclient-script.*: apply patch from Peter Marschall to use alternate
     value expansion
   * debian/isc-dhcp-server.postinst: eliminate an error message from sed if no
     interfaces are provided
Package-Type: udeb






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 22 Apr 2012 07:33:29 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:05:01 2019; Machine Name: buxtehude
