Univention Bugzilla – Bug 40546
isc-dhcp: Denial of service (4.0)
Last modified: 2016-04-06 14:04:03 CEST
+++ This bug was initially created as a clone of Bug #40545 +++

Upstream Debian package version 4.2.2.dfsg.1-5+deb70u8 fixes this issue:

* ISC dhcp allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet (CVE-2015-8605)
repo_admin.py -U -p isc-dhcp -d wheezy -r 4.0-0-0 -s errata4.0-4

r15950 | Bug #40546 dhcp: Fix patch application
r15951 | Bug #40546 dhcp: Refresh patch application
r15982 | Bug #40546 dhcp: FTBFS .NOTPARALLEL:

Package: isc-dhcp
Version: 4.2.2.dfsg.1-5+deb70u8.36.201602231227
Branch: ucs_4.0-0
Scope: errata4.0-4

r67629 | Bug #40546 dhcp: YAML 4.0-4 isc-dhcp.yaml
Another issue, maybe we can pick up the patch too if it is available in short term:

* ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. (CVE-2016-2774)
(In reply to Arvid Requate from comment #2)
> Another issue, maybe we can pick up the patch too if it is available in
> short term:
>
> * ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does
> not restrict the number of concurrent TCP sessions, which allows remote
> attackers to cause a denial of service (INSIST assertion failure or
> request-processing outage) by establishing many sessions. (CVE-2016-2774)

This is a minor issue, ignored.
Tests (amd64): OK
Advisory: OK
<http://errata.software-univention.de/ucs/4.0/409.html>