Upstream has issued an advisory on March 7:
https://kb.isc.org/article/AA-01354

There will be mitigations for this to make it harder to exploit in 4.3.4, so we should update that in Cauldron when it becomes available.

However, the vulnerability isn't exposed by default, as an administrator has to enable OMAPI or failover to expose it. The real solution, if one has enabled one of those features, is to configure the firewall to reject connections to those ports from untrusted hosts. So, this is more of a system administrator configuration issue than a software security issue. Therefore, an updated package for Mageia 5 is unnecessary.
CC: (none) => marja11
Assignee: bugsquad => shlomif
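An added example, not part of the bug report or of the dhcp package: a small audit script for the mitigation described in the first comment. It reads a dhcpd.conf, reports whether OMAPI or failover is enabled and on which TCP ports, and prints iptables rules that admit only trusted hosts. The sample configuration, the peer name, the addresses and the helper names `exposed_listeners` and `firewall_rules` are constructed for illustration.

```python
import re

# Constructed sample dhcpd.conf (not taken from the bug report).
SAMPLE_CONF = '''
# omapi-port 9999;  commented out, must be ignored
omapi-port 7911;
failover peer "dhcp-ha" {
  primary;
  address 192.0.2.10;
  port 647;
  peer address 192.0.2.11;
  peer port 847;
}
subnet 192.0.2.0 netmask 255.255.255.0 { range 192.0.2.100 192.0.2.200; }
'''

def exposed_listeners(conf_text):
    """Return sorted (feature, tcp_port) pairs that make dhcpd accept TCP connections."""
    text = re.sub(r'#[^\n]*', '', conf_text)  # drop '#' comments
    found = set()
    for m in re.finditer(r'\bomapi-port\s+(\d+)\s*;', text):
        found.add(("omapi", int(m.group(1))))
    # Only a declaration with a '{' body counts; 'failover peer "x";' inside
    # a pool is just a reference to it.
    for m in re.finditer(r'\bfailover\s+peer\s+"([^"]+)"\s*\{([^}]*)\}', text):
        name, body = m.groups()
        ports = [int(w[1]) for w in (s.split() for s in body.split(';'))
                 if len(w) == 2 and w[0] == "port" and w[1].isdigit()]
        # 'peer port N' is the remote side and is skipped (three words).
        # None means no explicit local port: look up the default for your version.
        for p in ports or [None]:
            found.add((f"failover:{name}", p))
    return sorted(found, key=lambda x: (x[0], x[1] or 0))

def firewall_rules(listeners, trusted_hosts):
    """Allow each listening port from trusted hosts only, reject everyone else."""
    rules = []
    for _feature, port in listeners:
        if port is None:
            continue  # cannot write a rule without knowing the port
        for host in trusted_hosts:
            rules.append(f"iptables -A INPUT -p tcp -s {host} --dport {port} -j ACCEPT")
        rules.append(f"iptables -A INPUT -p tcp --dport {port} -j REJECT")
    return rules

if __name__ == "__main__":
    listeners = exposed_listeners(SAMPLE_CONF)
    print(listeners)
    print("\n".join(firewall_rules(listeners, ["192.0.2.11"])))
```

An empty result from `exposed_listeners` corresponds to the default case in the comment above, where neither feature is enabled.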
dhcp-4.3.4-1.mga6 uploaded for Cauldron.
Status: NEW => RESOLVED
Resolution: (none) => FIXED
Fedora has issued an advisory for this on April 4:
https://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.html

I have added their patch in Mageia 5 SVN.
URL: (none) => http://lwn.net/Vulnerabilities/686450/
Severity: normal => major