Updated dhcpcd packages fix security vulnerability
Publication date: 20 May 2016Modification date: 20 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-7913
Description
The print_option function in dhcp-common.c in dhcpcd through 6.10.2
misinterprets the return value of the snprintf function, which allows
remote DHCP servers to execute arbitrary code or cause a denial of service
(memory corruption) via a crafted message (CVE-2014-7913).
The dhcpcd package has been updated to version 6.11.0 which fixes this
issue and has several other bug fixes and enhancements.
References
- https://bugs.mageia.org/show_bug.cgi?id=18422
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1146.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1244.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1251.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1292.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7913
SRPMS
5/core
- dhcpcd-6.11.0-1.mga5