Bug 6872

Debian and Ubuntu have also issued advisories for this today:
http://lwn.net/Alerts/508283/
http://www.ubuntu.com/usn/usn-1519-1/

URL: (none) => http://lwn.net/Vulnerabilities/508291/

Fixed in Cauldron by Guillaume Rousse.

Version: Cauldron => 2
Whiteboard: (none) => MGA1TOO

Updated package uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated dhcp packages fix security vulnerabilities:

An unexpected client identifier parameter can cause the ISC DHCP
daemon to segmentation fault when running in DHCPv6 mode, resulting
in a denial of service to further client requests. In order to exploit
this condition, an attacker must be able to send requests to the DHCP
server (CVE-2012-3570).

An error in the handling of malformed client identifiers can cause
a DHCP server running affected versions (see Impact) to enter a
state where further client requests are not processed and the server
process loops endlessly, consuming all available CPU cycles. Under
normal circumstances this condition should not be triggered, but a
non-conforming or malicious client could deliberately trigger it in
a vulnerable server. In order to exploit this condition an attacker
must be able to send requests to the DHCP server (CVE-2012-3571).

Two memory leaks have been found and fixed in ISC DHCP. Both are
reproducible when running in DHCPv6 mode (with the -6 command-line
argument.) The first leak is confirmed to only affect servers
operating in DHCPv6 mode, but based on initial code analysis the
second may theoretically affect DHCPv4 servers (though this has not
been demonstrated.) (CVE-2012-3954).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954
https://kb.isc.org/article/AA-00714
https://kb.isc.org/article/AA-00712
https://kb.isc.org/article/AA-00737
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:115
========================

Updated packages in core/updates_testing:
========================
dhcp-common-4.2.4-0.P1.1.mga1
dhcp-doc-4.2.4-0.P1.1.mga1
dhcp-server-4.2.4-0.P1.1.mga1
dhcp-client-4.2.4-0.P1.1.mga1
dhcp-relay-4.2.4-0.P1.1.mga1
dhcp-devel-4.2.4-0.P1.1.mga1
dhcp-common-4.2.4P1-1.1.mga2
dhcp-doc-4.2.4P1-1.1.mga2
dhcp-server-4.2.4P1-1.1.mga2
dhcp-client-4.2.4P1-1.1.mga2
dhcp-relay-4.2.4P1-1.1.mga2
dhcp-devel-4.2.4P1-1.1.mga2

from SRPMS:
dhcp-4.2.4-0.P1.1.mga1.src.rpm
dhcp-4.2.4P1-1.1.mga2.src.rpm

Assignee: bugsquad => qa-bugs

I'll be testing the server and client on both arches/releases
shortly.

CC: (none) => davidwhodgins

Works ok on Mageia 2 x86/i568.

Tested:
dhcp-client-4.2.4P1-1.1.mga2
dhcp-common-4.2.4P1-1.1.mga2
dhcp-doc-4.2.4P1-1.1.mga2

CC: (none) => ed_rus099

Testing complete on Mageia 1 and 2, i586 and x86-64.

For testing the server, I turned off the dhcp server in
my router.  With the dhcp-server configured in a vb
guest, used a Mageia 3 vb install, to test that the
dhcp server is working.  Repeated for all 4 Mageia 1
and 2 vb guests.

For testing the client, turned on the dhcp server in
my router, changed all 4 Mageia 1 and 2 vb guests to
use Automatic settings, instead of manual, and ensured
network restart assigned ip addresses in the correct
range.

Could someone from the sysadmin team push the srpm
dhcp-4.2.4P1-1.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
dhcp-4.2.4-0.P1.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated dhcp packages fix security vulnerabilities:

An unexpected client identifier parameter can cause the ISC DHCP
daemon to segmentation fault when running in DHCPv6 mode, resulting
in a denial of service to further client requests. In order to exploit
this condition, an attacker must be able to send requests to the DHCP
server (CVE-2012-3570).

An error in the handling of malformed client identifiers can cause
a DHCP server running affected versions (see Impact) to enter a
state where further client requests are not processed and the server
process loops endlessly, consuming all available CPU cycles. Under
normal circumstances this condition should not be triggered, but a
non-conforming or malicious client could deliberately trigger it in
a vulnerable server. In order to exploit this condition an attacker
must be able to send requests to the DHCP server (CVE-2012-3571).

Two memory leaks have been found and fixed in ISC DHCP. Both are
reproducible when running in DHCPv6 mode (with the -6 command-line
argument.) The first leak is confirmed to only affect servers
operating in DHCPv6 mode, but based on initial code analysis the
second may theoretically affect DHCPv4 servers (though this has not
been demonstrated.) (CVE-2012-3954).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954
https://kb.isc.org/article/AA-00714
https://kb.isc.org/article/AA-00712
https://kb.isc.org/article/AA-00737
http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:115

https://bugs.mageia.org/show_bug.cgi?id=6872

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0256

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED