"infamous41md" noticed that the log functions in dhcp 2.x, which is still distributed in the stable Debian release, contained pass parameters to function that use format strings. One use seems to be exploitable in connection with a malicious DNS server. For the stable distribution (woody) these problems have been fixed in version 2.0pl5-11woody1. For the unstable distribution (sid) these problems have been fixed in version 2.0pl5-19.1. We recommend that you upgrade your dhcp package.
"infamous41md" noticed that the log functions in dhcp 2.x, which is still distributed in the stable Debian release, contained pass parameters to function that use format strings. One use seems to be exploitable in connection with a malicious DNS server.
For the stable distribution (woody) these problems have been fixed in version 2.0pl5-11woody1.
For the unstable distribution (sid) these problems have been fixed in version 2.0pl5-19.1.
We recommend that you upgrade your dhcp package.
MD5 checksums of the listed files are available in the original advisory.