Updated dhcpcd packages fix security vulnerability
Publication date: 21 Jan 2016Modification date: 21 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-1503 , CVE-2016-1504
Description
Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp
responses due to incorrect option length values (CVE-2016-1503).
Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp
responses can lead to a crash (CVE-2016-1504).
The dhcpcd package has been updated to version 6.10.0 which fixes these
issues and has several other bug fixes and enhancements.
References
- https://bugs.mageia.org/show_bug.cgi?id=17462
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1001.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1004.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1012.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1018.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1058.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1089.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1093.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1129.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1143.html
- http://openwall.com/lists/oss-security/2016/01/07/4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1503
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1504
SRPMS
5/core
- dhcpcd-6.10.0-1.mga5