Univention Bugzilla – Bug 40547
isc-dhcp: Denial of service (3.2)
Last modified: 2016-04-06 14:35:58 CEST
Upstream Debian package version 4.1.1-P1-15+squeeze10 fixes this issue:
* ISC dhcp allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet (CVE-2015-8605)
repo_admin.py -U -p isc-dhcp -d squeeze-lts -r 3.2-0-0 -s errata3.2-8
svn cp --parents svn+ssh://billy.knut.univention.de/var/svn/patches/isc-dhcp/3.1-0-0-ucs/4.1.1-P1-15+squeeze6 svn+ssh://billy.knut.univention.de/var/svn/patches/isc-dhcp/3.2-0-0-ucs/4.1.1-P1-15+squeeze10-errata3.2-8

r15949 | Bug #40547 dhcp: "Remove unused local variables" merged in Debian by drop_unused_vars_from_ldap-c.dpatch

Package: isc-dhcp
Version: 4.1.1-P1-15.33.201602221620
Branch: ucs_3.2-0
Scope: errata3.2-8

r67612 | Bug #40547 dhcp: CVE-2015-8605 isc-dhcp.yaml
Another issue, maybe we can pick up the patch too if it is available in short term:

* ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. (CVE-2016-2774)
(In reply to Arvid Requate from comment #2)
> Another issue, maybe we can pick up the patch too if it is available in
> short term:
>
> * ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does
> not restrict the number of concurrent TCP sessions, which allows remote
> attackers to cause a denial of service (INSIST assertion failure or
> request-processing outage) by establishing many sessions. (CVE-2016-2774)

This is a minor issue, ignored.
Tests (amd64): OK
Advisory: OK
<http://errata.software-univention.de/ucs/3.2/411.html>