ISC has issued an advisory on January 12: https://kb.isc.org/article/AA-01334 Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated dhcp packages fix security vulnerability: A badly formed packet with an invalid IPv4 UDP length field can cause an ISC DHCP server, client, or relay program to terminate abnormally (CVE-2015-8605). The dhcp package has been updated to version 4.3.3-P1, which fixes this issue and several other bugs. Also, the package has also been enhanced to provide better support for running a DHCPv6 server (mga#17177). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8605 https://kb.isc.org/article/AA-01334 https://kb.isc.org/article/AA-01329 https://bugs.mageia.org/show_bug.cgi?id=17177 https://bugs.mageia.org/show_bug.cgi?id=17490 ======================== Updated packages in core/updates_testing: ======================== dhcp-common-4.3.3P1-1.mga5 dhcp-doc-4.3.3P1-1.mga5 dhcp-server-4.3.3P1-1.mga5 dhcp-client-4.3.3P1-1.mga5 dhcp-relay-4.3.3P1-1.mga5 dhcp-devel-4.3.3P1-1.mga5 from dhcp-4.3.3P1-1.mga5.src.rpm Reproducible: Steps to Reproduce:
Blocks: (none) => 17177
Debian has issued an advisory for this today: https://lists.debian.org/debian-security-announce/2016/msg00011.html https://www.debian.org/security/2016/dsa-3442
URL: (none) => http://lwn.net/Vulnerabilities/671736/
In VirtualBox, M5, KDE, 32-bit Package(s) under test: dhcp-common dhcp-client default install of dhcp-common & dhcp-client [root@localhost wilcal]# urpmi dhcp-common Package dhcp-common-4.3.2-1.1.mga5.i586 is already installed [root@localhost wilcal]# urpmi dhcp-client Package dhcp-client-4.3.2-1.1.mga5.i586 is already installed Client connects properly to dhcp server in Vbox "router" ( 10.0.2.15 ) install dhcp-common & dhcp-client from updates_testing [root@localhost wilcal]# urpmi dhcp-common Package dhcp-common-4.3.3P1-1.mga5.i586 is already installed [root@localhost wilcal]# urpmi dhcp-client Package dhcp-client-4.3.3P1-1.mga5.i586 is already installed Client connects properly to dhcp server in Vbox "router" ( 10.0.2.15 )
CC: (none) => wilcal.int
In VirtualBox, M5, KDE, 64-bit Package(s) under test: dhcp-common dhcp-client default install of dhcp-common & dhcp-client [root@localhost wilcal]# urpmi dhcp-common Package dhcp-common-4.3.2-1.1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi dhcp-client Package dhcp-client-4.3.2-1.1.mga5.x86_64 is already installed Client connects properly to dhcp server in Vbox "router" ( 10.0.2.15 ) install dhcp-common & dhcp-client from updates_testing [root@localhost wilcal]# urpmi dhcp-common Package dhcp-common-4.3.3P1-1.mga5.x86_64 is already installed [root@localhost wilcal]# urpmi dhcp-client Package dhcp-client-4.3.3P1-1.mga5.x86_64 is already installed Client connects properly to dhcp server in Vbox "router" ( 10.0.2.15 )
Adding the OKs and validating based on comments 2 and 3. Advisory also loaded to svn.
Keywords: (none) => validated_updateWhiteboard: (none) => advisory MGA5-64-OK MGA5-32-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0028.html
Status: NEW => RESOLVEDResolution: (none) => FIXED