ISC has issued advisories on February 28:
https://kb.isc.org/article/AA-01565
https://kb.isc.org/article/AA-01567
The issue is fixed upstream in 4.3.6-P1 and 4.4.1:
https://kb.isc.org/article/AA-01570
https://kb.isc.org/article/AA-01567
Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
Status comment: (none) => Fixed upstream in 4.3.6-P1 and 4.4.1
Assigning to the registered maintainer.
Assignee: bugsquad => shlomif
CC: (none) => marja11
RedHat has issued an advisory for this today (March 8): https://access.redhat.com/errata/RHSA-2018:0469
Fedora has issued an advisory for this on March 5: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RR3UFXHOL7MG7FGZSMXZ7S25Y6CWOFYL/
RedHat has issued an advisory for this today (March 12): https://access.redhat.com/errata/RHSA-2018:0483
dhcp-4.3.6P1-1.mga7 uploaded for Cauldron. We might be able to borrow patches from Fedora for the older versions if they apply: https://src.fedoraproject.org/cgit/rpms/dhcp.git/commit/?h=f27&id=a7c8513f1d318de7553b975cbb9089dc4b5ba8b8
Whiteboard: MGA6TOO => MGA5TOO
Version: Cauldron => 6
openSUSE has issued an advisory for this on March 27: https://lists.opensuse.org/opensuse-updates/2018-03/msg00106.html
Version 4.4.1 pushed into cauldron
Status: NEW => ASSIGNED
CC: (none) => bruno
Fedora patches mentioned in comment 5 applied to 4.3.5. Updated version now pushed (4.3.5-2.1) in core/updates_testing for mga6
Assignee: shlomif => qa-bugs
Advisory:
========================
Updated dhcp packages fix security vulnerabilities:
Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732).
Reference count overflow in dhcpd allows denial of service (CVE-2018-5733).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5733
https://kb.isc.org/article/AA-01565
https://kb.isc.org/article/AA-01567
https://access.redhat.com/errata/RHSA-2018:0483
========================
Updated packages in core/updates_testing:
========================
dhcp-common-4.3.5-2.1.mga6
dhcp-doc-4.3.5-2.1.mga6
dhcp-server-4.3.5-2.1.mga6
dhcp-client-4.3.5-2.1.mga6
dhcp-relay-4.3.5-2.1.mga6
dhcp-devel-4.3.5-2.1.mga6
from dhcp-4.3.5-2.1.mga6.src.rpm
Whiteboard: MGA5TOO => (none)
I updated dhcp-common and dhcp-client on both 64-bit and 32-bit systems on a Probook 6550b. I then did a cold boot on each system, to make sure that my wifi connection would establish, using dhcp with my router. There were no problems noted. Using the 64-bit system to make this comment. Going by Comment 1, these issues have been around for months. It's time the update was passed along. Since the update doesn't appear to break anything, I am OKing on both arches, and validating.
Whiteboard: (none) => MGA6-32-OK MGA6-64-OK
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0410.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED