Univention Bugzilla – Full Text Bug Listing
Summary: | isc-dhcp: Denial of service (4.1) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, hahn |
Version: | UCS 4.1 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.1-1-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | |||
Bug Blocks: | 40546, 40547 |
Description
Arvid Requate
2016-02-01 11:44:41 CET
repo_admin.py --cherrypick -r 4.0 -s errata4.0-4 --releasedest 4.1 --dest errata4.1-1 -p isc-dhcp

Package: isc-dhcp
Version: 4.2.2.dfsg.1-5+deb70u8.37.201602231237
Branch: ucs_4.1-0
Scope: errata4.1-1

r67630 | Bug #40545 dhcp: YAML 4.1-1 isc-dhcp.yaml

Another issue, maybe we can pick up the patch too if it is available in short term:

* ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. (CVE-2016-2774)

(In reply to Arvid Requate from comment #2)
> Another issue, maybe we can pick up the patch too if it is available in
> short term:
>
> * ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does
> not restrict the number of concurrent TCP sessions, which allows remote
> attackers to cause a denial of service (INSIST assertion failure or
> request-processing outage) by establishing many sessions. (CVE-2016-2774)

This is a minor issue, ignored.

Tests (amd64): OK
Advisory: OK