Univention Bugzilla – Full Text Bug Listing
Summary: | isc-dhcp: Denial of service (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Security updates | Assignee: | Philipp Hahn <hahn> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P5 | CC: | gohmann, hahn |
Version: | UCS 4.0 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.0-4-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | Security | |
Max CVSS v3 score: | |||
Bug Depends on: | 40545 | ||
Bug Blocks: | 40547 |
Description
Arvid Requate
2016-02-01 11:45:19 CET
repo_admin.py -U -p isc-dhcp -d wheezy -r 4.0-0-0 -s errata4.0-4
r15950 | Bug #40546 dhcp: Fix patch application
r15951 | Bug #40546 dhcp: Refresh patch application
r15982 | Bug #40546 dhcp: FTBFS .NOTPARALLEL:

Package: isc-dhcp
Version: 4.2.2.dfsg.1-5+deb70u8.36.201602231227
Branch: ucs_4.0-0
Scope: errata4.0-4

r67629 | Bug #40546 dhcp: YAML 4.0-4 isc-dhcp.yaml

Another issue, maybe we can pick up the patch too if it is available in short term:

* ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. (CVE-2016-2774)

(In reply to Arvid Requate from comment #2)
> Another issue, maybe we can pick up the patch too if it is available in
> short term:
>
> * ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does
> not restrict the number of concurrent TCP sessions, which allows remote
> attackers to cause a denial of service (INSIST assertion failure or
> request-processing outage) by establishing many sessions. (CVE-2016-2774)

This is a minor issue, ignored.

Tests (amd64): OK
Advisory: OK