ISC has issued advisories on February 28:
The issue is fixed upstream in 4.3.6-P1 and 4.4.1:
Mageia 5 and Mageia 6 are also affected.
Fixed upstream in 4.3.6-P1 and 4.4.1
Assigning to the registered maintainer.
RedHat has issued an advisory for this today (March 8):
Fedora has issued an advisory for this on March 5:
RedHat has issued an advisory for this today (March 12):
dhcp-4.3.6P1-1.mga7 uploaded for Cauldron.
We might be able to borrow patches from Fedora for the older versions if they apply:
openSUSE has issued an advisory for this on March 27:
Version 4.4.1 pushed into cauldron
Fedora patches mentionned in comment 5 applied to 4.3.5. Updated version now pushed (4.3.5-2.1) in core/updates_testing for mga6
Updated dhcp packages fix security vulnerabilities:
Buffer overflow in dhclient possibly allowing code execution triggered by
malicious server (CVE-2018-5732).
Reference count overflow in dhcpd allows denial of service (CVE-2018-5733).
Updated packages in core/updates_testing:
I updated dhcp-common and dhcp-client on both 64-bit and 32-bit systems on a Probook 6550b. I then did a cold boot on each system, to make sure that my wifi connection would establish, using dhcp with my router.
There were no problems noted. Using the 64-bit system to make this comment.
Going by Comment 1, these issues have been around for months. It's time the update was passed along.
Since the update doesn't appear to break anything, I am OKing on both arches, and validating.
An update for this issue has been pushed to the Mageia Updates repository.