Debian
 » 
Debian Security

Re: [ssa] [SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution

View: New views
2 Messages — Rating Filter:   Alert me  

Parent Message unknown Re: [ssa] [SECURITY] [DSA 1833-2] New dhcp3 packages fix arbitrary code execution

by security-60 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Gedaan.

Florian Weimer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1833-2                  security@...
> http://www.debian.org/security/                           Florian Weimer
> August 25, 2009                       http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package        : dhcp3
> Vulnerability  : several
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2009-0692 CVE-2009-1892
> CERT advisory  : VU#410676
>
> The previous dhcp3 update (DSA-1833-1) did not properly apply the
> required changes to the stable (lenny) version.  The old stable (etch)
> version is not affected by this problem.
>
> The original advisory description follows.
>
> Several remote vulnerabilities have been discovered in ISC's DHCP
> implementation:
>
> It was discovered that dhclient does not properly handle overlong
> subnet mask options, leading to a stack-based buffer overflow and
> possible arbitrary code execution.  (CVE-2009-0692)
>
> Christoph Biedl discovered that the DHCP server may terminate when
> receiving certain well-formed DHCP requests, provided that the server
> configuration mixes host definitions using "dhcp-client-identifier"
> and "hardware ethernet".  This vulnerability only affects the lenny
> versions of dhcp3-server and dhcp3-server-ldap.  (CVE-2009-1892)
>
> For the stable distribution (lenny), this problem has been fixed in
> version 3.1.1-6+lenny3.
>
> We recommend that you upgrade your dhcp3 packages.
>
> Upgrade instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 5.0 alias lenny
> - --------------------------------
>
> Source archives:
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1.orig.tar.gz
>     Size/MD5 checksum:   798228 fcc19330a9c3a0efb5620409214652a9
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1-6+lenny3.dsc
>     Size/MD5 checksum:     1488 b884753ce46061cc6e0e6a783d7c24a3
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.1.1-6+lenny3.diff.gz
>     Size/MD5 checksum:   128921 178f7799fbe3e8fb5a0472a8060bebf7
>
> Architecture independent packages:
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp-client_3.1.1-6+lenny3_all.deb
>     Size/MD5 checksum:    23010 e772483a84fdca84407e39556188a13e
>
> alpha architecture (DEC Alpha)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_alpha.deb
>     Size/MD5 checksum:   148302 296381030181bf29e5185823472c34c7
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_alpha.deb
>     Size/MD5 checksum:   348542 910f44119d0cbcefdfdb0496b72f75c0
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_alpha.deb
>     Size/MD5 checksum:   272004 63e37fc50ae798ad86713ff354f5b996
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_alpha.deb
>     Size/MD5 checksum:   394460 a77802ce027f350aed83be710c92fa9f
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_alpha.udeb
>     Size/MD5 checksum:   215132 ea9207b439e373b7cda0633600fc2a66
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_alpha.deb
>     Size/MD5 checksum:   127514 f1287179244c1684b1a892c187624425
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_alpha.deb
>     Size/MD5 checksum:   333782 713d3ad0235144a0537d747a66766b6a
>
> amd64 architecture (AMD x86_64 (AMD64))
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_amd64.deb
>     Size/MD5 checksum:   310356 6fb09a20cce949a6edd1a9a628863a2d
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_amd64.deb
>     Size/MD5 checksum:   114266 bb511a3be6b474ba6233a00bd70d52b3
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_amd64.udeb
>     Size/MD5 checksum:   188422 f2aaca0e2a93c0b3647d6cebc2dc515e
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_amd64.deb
>     Size/MD5 checksum:   358418 15b92a206a5f782b91ef21a1cb89d8c1
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_amd64.deb
>     Size/MD5 checksum:   245246 22f8d4e550561f67ac9145e114281d30
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_amd64.deb
>     Size/MD5 checksum:   313224 2033f60c749a3e71631a5b153a77ae27
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_amd64.deb
>     Size/MD5 checksum:   120442 f86b93961879963e2ea5dc0c5f2d344c
>
> arm architecture (ARM)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_arm.deb
>     Size/MD5 checksum:   226592 ddba5071d36b331c5a001b67a1b94410
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_arm.deb
>     Size/MD5 checksum:   291194 4673741acf27ce06150203ea2cfde77f
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_arm.deb
>     Size/MD5 checksum:   103716 cfa5568781f496e02e490ad803b79acc
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_arm.deb
>     Size/MD5 checksum:   336408 56415a0df425eace6189f47585a63c01
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_arm.deb
>     Size/MD5 checksum:   108910 efb3c5019520090a189212af9b6dcf3d
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_arm.deb
>     Size/MD5 checksum:   292858 3d1d50251c7953847178a888e6cd91cf
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_arm.udeb
>     Size/MD5 checksum:   170066 18a05aa4dfe765c6cc3f99b31e77ecac
>
> armel architecture (ARM EABI)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_armel.deb
>     Size/MD5 checksum:   227670 41fc7a60258569b01280b594d6293264
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_armel.deb
>     Size/MD5 checksum:   337326 266b173681f5c3ea777ae7710cbee665
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_armel.deb
>     Size/MD5 checksum:   109000 d04801f4eb76218ff8d8e791acef63ad
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_armel.deb
>     Size/MD5 checksum:   103446 dd8d97b1c2364fd1995861454b1fc4a4
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_armel.udeb
>     Size/MD5 checksum:   170862 6d71afbbe92432bd1a97c264cfd63561
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_armel.deb
>     Size/MD5 checksum:   293940 13e80b7f3b18b939c59193433f72e7b5
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_armel.deb
>     Size/MD5 checksum:   293866 e1aaacdd2982b92f1e08126a8a8f2651
>
> hppa architecture (HP PA RISC)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_hppa.deb
>     Size/MD5 checksum:   128540 42870a2ec98979a8c59e23bc6fab70f6
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_hppa.deb
>     Size/MD5 checksum:   324744 243543866ed9202ce92e9ddc8341fd22
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_hppa.deb
>     Size/MD5 checksum:   252142 d0e2729de7ff5da898457d7ee7d1b006
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_hppa.deb
>     Size/MD5 checksum:   315534 1657f330bf1b1aacb9b14b419ad003a5
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_hppa.deb
>     Size/MD5 checksum:   369264 20f45be07aa3a831d7ea7a3dfaece2d1
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_hppa.udeb
>     Size/MD5 checksum:   194978 aa479a0645490f800b342aff92bef059
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_hppa.deb
>     Size/MD5 checksum:   116256 dbb01f0c3302f6e35a30e8e5572bf244
>
> i386 architecture (Intel ia32)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_i386.deb
>     Size/MD5 checksum:   286974 7129977793036958290bbae514dbf1d6
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_i386.deb
>     Size/MD5 checksum:   289992 ea449e5b736070fae42f67792eb0e47e
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_i386.deb
>     Size/MD5 checksum:   223668 d943808ec256705e0950fe652bb6f9b4
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_i386.deb
>     Size/MD5 checksum:   102102 2522fcb18f0a6f4aa2f8bbc07427e237
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_i386.udeb
>     Size/MD5 checksum:   167012 e642d66307eff2f9a6ece11291b4a06d
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_i386.deb
>     Size/MD5 checksum:   332706 647086523305d950e2aebc1805cf2e92
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_i386.deb
>     Size/MD5 checksum:   106618 c0430456e7d746d57fd58a676147950f
>
> ia64 architecture (Intel ia64)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_ia64.deb
>     Size/MD5 checksum:   155090 8f8b0bfb1d3e0755c15df15fc920a8af
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_ia64.udeb
>     Size/MD5 checksum:   289292 c997f11a86e7df414bacbad0e5e944be
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_ia64.deb
>     Size/MD5 checksum:   159892 12cd71f2e058c63a602d74983adb5c39
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_ia64.deb
>     Size/MD5 checksum:   464804 ceb110ae2899d450987ca83dfdb38944
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_ia64.deb
>     Size/MD5 checksum:   347522 4c9f4bdec5669dc29b46a6e83a4fa5ef
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_ia64.deb
>     Size/MD5 checksum:   508092 a1a293a6ddee469e040d7ff364ee791a
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_ia64.deb
>     Size/MD5 checksum:   400328 937f8ee9ac9d25af6921222e7b92a108
>
> mips architecture (MIPS (Big Endian))
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_mips.deb
>     Size/MD5 checksum:   123936 53d5f37d69d182cbbe312f52550a84b1
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_mips.deb
>     Size/MD5 checksum:   114502 dee95947cb21084abf748e8a42960846
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_mips.udeb
>     Size/MD5 checksum:   188178 2926264f19c138bdd2c72458606e4c0c
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_mips.deb
>     Size/MD5 checksum:   359836 a903759df5a549c6a5e3aa227790fe04
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_mips.deb
>     Size/MD5 checksum:   308718 a476ebabd4537f41f1d5a787ea7ff9fa
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_mips.deb
>     Size/MD5 checksum:   245276 c95b1fccff2d8ad01b5cbc4981eeac8c
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_mips.deb
>     Size/MD5 checksum:   314998 80f09a90d259ce66a342447d98a9a379
>
> mipsel architecture (MIPS (Little Endian))
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_mipsel.deb
>     Size/MD5 checksum:   247700 eda49dcddd8fdfd58b85645c315c5faf
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_mipsel.deb
>     Size/MD5 checksum:   310874 a05df96245d09530155f9e81bd63a4fb
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_mipsel.deb
>     Size/MD5 checksum:   362206 a57eeaf69fd65711afe6cb5417e5f0df
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_mipsel.deb
>     Size/MD5 checksum:   125542 4a1784603dae8acfae95d4f9d0ce8e30
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_mipsel.udeb
>     Size/MD5 checksum:   190284 30cff1bafcc1ba24b5b5ab7495798dea
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_mipsel.deb
>     Size/MD5 checksum:   116262 f3956046702a31009c21bc4a18279052
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_mipsel.deb
>     Size/MD5 checksum:   317264 25bb814dfa93b8114fc6d0a0ddd0cbdf
>
> powerpc architecture (PowerPC)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_powerpc.deb
>     Size/MD5 checksum:   111052 8e0dfe581f4cfb3bcd0e74490cbcffab
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_powerpc.deb
>     Size/MD5 checksum:   119514 99c8afb47de64f36a82db6cd21513476
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_powerpc.deb
>     Size/MD5 checksum:   241126 e779f852e414e537a35295f238d38356
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_powerpc.deb
>     Size/MD5 checksum:   353466 9af62ed705a6ae46b208579dfa481d6a
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_powerpc.udeb
>     Size/MD5 checksum:   183816 4438592b9fdf9117b8c037a7047ee5f8
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_powerpc.deb
>     Size/MD5 checksum:   310638 3d93a3137afe44b45de6c398bdb701c8
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_powerpc.deb
>     Size/MD5 checksum:   304958 b2a44d63cc34124883564f5296ef18e7
>
> s390 architecture (IBM S/390)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_s390.deb
>     Size/MD5 checksum:   117592 db3a8ae34c5e3a836dbf9e72c5067a90
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_s390.deb
>     Size/MD5 checksum:   348950 3ecac83017405ee2aa924cfb5905233d
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_s390.udeb
>     Size/MD5 checksum:   182078 35859dae5c87aae0fef90f2ab796714e
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_s390.deb
>     Size/MD5 checksum:   112450 1243ac51995a6a6492d8b3da08d6fd5a
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_s390.deb
>     Size/MD5 checksum:   239428 ea577141dbeff528fa9b431fd712d7e8
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_s390.deb
>     Size/MD5 checksum:   303426 546d21f56cfad698fa28856cc2181c19
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_s390.deb
>     Size/MD5 checksum:   303700 4e76286fe1a10d48537c4246b35526b9
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.1.1-6+lenny3_sparc.deb
>     Size/MD5 checksum:   283826 c0f5fce1f190aabd11b1851636af3ea3
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.1.1-6+lenny3_sparc.deb
>     Size/MD5 checksum:   324576 13f0ac8544ff2f50b27a44dc1d0e5e95
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server-ldap_3.1.1-6+lenny3_sparc.deb
>     Size/MD5 checksum:   279396 6171cb5605c87dddaa215eba5f15e38d
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.1.1-6+lenny3_sparc.deb
>     Size/MD5 checksum:   218466 e3fab612bad763549dd5d4cd94dd6892
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.1.1-6+lenny3_sparc.deb
>     Size/MD5 checksum:   101600 d5d9016bdb0723205e3b0e5463315fda
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.1.1-6+lenny3_sparc.deb
>     Size/MD5 checksum:   109816 85e004868374d6dbc78255efff2fbf7f
>   http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client-udeb_3.1.1-6+lenny3_sparc.udeb
>     Size/MD5 checksum:   161378 2b4b855d8e3b8790e34a3de715df9db2
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@...
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iQEcBAEBAgAGBQJKlEMFAAoJEL97/wQC1SS+PfEH/3N4ADHkPs6rVcUVHztxTQVf
> bMd1bmy53/aGhJZGkSz/SC2p9P1tHIWw+ZUVRY8Gm1atybGWJzspMGdop3nHkvAW
> gDkLWzAdodyBMB4iQS8jaLQTltHVbybiQU/LZoiWxw2A7BYZ8Z0TsBjw7gR24mYx
> sneX2nyZx/h6aLHcU3VRDVRp9+dxZzFjMUfRl5OHNWyeoLaefdf3n6HTgEk3Mbby
> LpbwXnc1Y0rSn9QSeqYb5HJQNHMy0tNJ47MkZII0Or8LftlPKCR4Nkj+oxFYImzK
> Yra3e2bAS7k3lqJngkD6KGg4pDpOCe2k8PT6qDxvy9NAf4a0dm/0mKo4oZWaDZk=
> =ZA1X
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@...
> with a subject of "unsubscribe". Trouble? Contact listmaster@...
>
>
> _______________________________________________
> ssa@... mailing list
> https://lists.sara.nl/mailman/listinfo/ssa


--
Met vriendelijke groeten / Kind regards,

Jaap P. Dijkshoorn
Groupleader Cluster Computing / Systems Programmer
mailto:jaap@...    http://home.sara.nl/~jaapd

Science Park 121 1098 XG Amsterdam
Tel: +31-(0)20-5923000
Fax: +31-(0)20-6683167
http://www.sara.nl

FKA:
SARA Computing & Networking Services
Kruislaan 415     1098 SJ  Amsterdam


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: [DSA 1833-2] New dhcp3 packages fix arbitrary code execution

by Goswin von Brederlow-2 :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

> Florian Weimer wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> - ------------------------------------------------------------------------
>> Debian Security Advisory DSA-1833-2                  security@...
>> http://www.debian.org/security/                           Florian Weimer
>> August 25, 2009                       http://www.debian.org/security/faq
>> - ------------------------------------------------------------------------
>>
>> Package        : dhcp3
>> Vulnerability  : several
>> Problem type   : remote
>> Debian-specific: no
>> CVE Id(s)      : CVE-2009-0692 CVE-2009-1892
>> CERT advisory  : VU#410676
>>
>> The previous dhcp3 update (DSA-1833-1) did not properly apply the
>> required changes to the stable (lenny) version.  The old stable (etch)
>> version is not affected by this problem.

Does that now apply the security patch to the ldap version as well? I
noticed that the previous one unapplied it before building the ldap
flavour.

MfG
        Goswin


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...

Free embeddable forum powered by Nabble Forum Help