Updated dhcp packages fix security vulnerability
Publication date: 21 Dec 2017Modification date: 17 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-3144
Description
It was found that the DHCP daemon does not free socket descriptors when handling empty OMAPI messages. An adjacent network attacker could potentially use this flaw to send crafted OMAPI messages to the DHCP daemon, thereby leading to denial of service due to exhaustion of file descriptors in the DHCP daemon process.
References
SRPMS
5/core
- dhcp-4.3.3P1-1.1.mga5
6/core
- dhcp-4.3.5-1.1.mga6