[USN-3586-2] DHCP vulnerabilities

Leonidas S. Barbosa
Ubuntu Security Notice USN-3586-2
May 28, 2018

isc-dhcp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 ESM


Several security issues were fixed in DHCP.

Software Description:
- isc-dhcp: DHCP server and client


USN-3586-1 fixed a vulnerability in DHCP. This update provides
the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 Felix Wilhelm discovered that the DHCP client incorrectly handled
 certain malformed responses. A remote attacker could use this issue to
 cause the DHCP client to crash, resulting in a denial of service, or
 possibly execute arbitrary code. In the default installation,
 attackers would be isolated by the dhclient AppArmor profile. 

 Felix Wilhelm discovered that the DHCP server incorrectly handled
 reference counting. A remote attacker could possibly use this issue to
 cause the DHCP server to crash, resulting in a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  isc-dhcp-client                 4.1.ESV-R4-0ubuntu5.13
  isc-dhcp-relay                  4.1.ESV-R4-0ubuntu5.13
  isc-dhcp-server                 4.1.ESV-R4-0ubuntu5.13
  isc-dhcp-server-ldap            4.1.ESV-R4-0ubuntu5.13

In general, a standard system update will make all the necessary

  CVE-2018-5732, CVE-2018-5733