Advisories ยป MGASA-2016-0034

Updated dhcpcd packages fix security vulnerability

Publication date: 21 Jan 2016
Modification date: 21 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1503 , CVE-2016-1504

Description

Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp
responses due to incorrect option length values (CVE-2016-1503).

Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp
responses can lead to a crash (CVE-2016-1504).

The dhcpcd package has been updated to version 6.10.0 which fixes these
issues and has several other bug fixes and enhancements.
                

References

SRPMS

5/core