Mandriva has issued an advisory today (July 26): http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:115 Mageia 1 and Mageia 2 are also affected. Mandriva fixed it by updated to 4.2.4-P1, which fixes these issues.
CC: (none) => anssi.hannula
CC: (none) => pterjan
CC: (none) => thierry.vignaud
CC: (none) => dmorganec
CC: (none) => guillomovitch
Debian and Ubuntu have also issued advisories for this today: http://lwn.net/Alerts/508283/ http://www.ubuntu.com/usn/usn-1519-1/
URL: (none) => http://lwn.net/Vulnerabilities/508291/
Fixed in Cauldron by Guillaume Rousse.
Version: Cauldron => 2Whiteboard: (none) => MGA1TOO
Severity: normal => major
Updated package uploaded for Mageia 1 and Mageia 2. Advisory: ======================== Updated dhcp packages fix security vulnerabilities: An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server (CVE-2012-3570). An error in the handling of malformed client identifiers can cause a DHCP server running affected versions (see Impact) to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server (CVE-2012-3571). Two memory leaks have been found and fixed in ISC DHCP. Both are reproducible when running in DHCPv6 mode (with the -6 command-line argument.) The first leak is confirmed to only affect servers operating in DHCPv6 mode, but based on initial code analysis the second may theoretically affect DHCPv4 servers (though this has not been demonstrated.) (CVE-2012-3954). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954 https://kb.isc.org/article/AA-00714 https://kb.isc.org/article/AA-00712 https://kb.isc.org/article/AA-00737 http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:115 ======================== Updated packages in core/updates_testing: ======================== dhcp-common-4.2.4-0.P1.1.mga1 dhcp-doc-4.2.4-0.P1.1.mga1 dhcp-server-4.2.4-0.P1.1.mga1 dhcp-client-4.2.4-0.P1.1.mga1 dhcp-relay-4.2.4-0.P1.1.mga1 dhcp-devel-4.2.4-0.P1.1.mga1 dhcp-common-4.2.4P1-1.1.mga2 dhcp-doc-4.2.4P1-1.1.mga2 dhcp-server-4.2.4P1-1.1.mga2 dhcp-client-4.2.4P1-1.1.mga2 dhcp-relay-4.2.4P1-1.1.mga2 dhcp-devel-4.2.4P1-1.1.mga2 from SRPMS: dhcp-4.2.4-0.P1.1.mga1.src.rpm dhcp-4.2.4P1-1.1.mga2.src.rpm
Assignee: bugsquad => qa-bugs
I'll be testing the server and client on both arches/releases shortly.
CC: (none) => davidwhodgins
Works ok on Mageia 2 x86/i568. Tested: dhcp-client-4.2.4P1-1.1.mga2 dhcp-common-4.2.4P1-1.1.mga2 dhcp-doc-4.2.4P1-1.1.mga2
CC: (none) => ed_rus099
Testing complete on Mageia 1 and 2, i586 and x86-64. For testing the server, I turned off the dhcp server in my router. With the dhcp-server configured in a vb guest, used a Mageia 3 vb install, to test that the dhcp server is working. Repeated for all 4 Mageia 1 and 2 vb guests. For testing the client, turned on the dhcp server in my router, changed all 4 Mageia 1 and 2 vb guests to use Automatic settings, instead of manual, and ensured network restart assigned ip addresses in the correct range. Could someone from the sysadmin team push the srpm dhcp-4.2.4P1-1.1.mga2.src.rpm from Mageia 2 Core Updates Testing to Core Updates and the srpm dhcp-4.2.4-0.P1.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates. Advisory: Updated dhcp packages fix security vulnerabilities: An unexpected client identifier parameter can cause the ISC DHCP daemon to segmentation fault when running in DHCPv6 mode, resulting in a denial of service to further client requests. In order to exploit this condition, an attacker must be able to send requests to the DHCP server (CVE-2012-3570). An error in the handling of malformed client identifiers can cause a DHCP server running affected versions (see Impact) to enter a state where further client requests are not processed and the server process loops endlessly, consuming all available CPU cycles. Under normal circumstances this condition should not be triggered, but a non-conforming or malicious client could deliberately trigger it in a vulnerable server. In order to exploit this condition an attacker must be able to send requests to the DHCP server (CVE-2012-3571). Two memory leaks have been found and fixed in ISC DHCP. Both are reproducible when running in DHCPv6 mode (with the -6 command-line argument.) The first leak is confirmed to only affect servers operating in DHCPv6 mode, but based on initial code analysis the second may theoretically affect DHCPv4 servers (though this has not been demonstrated.) (CVE-2012-3954). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954 https://kb.isc.org/article/AA-00714 https://kb.isc.org/article/AA-00712 https://kb.isc.org/article/AA-00737 http://www.mandriva.com/en/support/security/advisories/?dis=2011&name=MDVSA-2012:115 https://bugs.mageia.org/show_bug.cgi?id=6872
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA1TOO => MGA1TOO MGA2-32-OK MGA2-64-OK MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0256
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED