Advisories » MGASA-2017-0458

Updated dhcp packages fix security vulnerability

Publication date: 21 Dec 2017
Modification date: 17 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3144

Description

It was found that the DHCP daemon does not free socket descriptors when
handling empty OMAPI messages. An adjacent network attacker could
potentially use this flaw to send crafted OMAPI messages to the DHCP
daemon, thereby leading to denial of service due to exhaustion of file
descriptors in the DHCP daemon process.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22204
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UJCMW5N3YHQ7WCRPR2QZBKJZBVJUZ6LG/
• https://kb.isc.org/article/AA-01541
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144

SRPMS

6/core

• dhcp-4.3.5-1.1.mga6

5/core

• dhcp-4.3.3P1-1.1.mga5