dhcp-4.1.1-63.P1.0.2.AXS4

Errata ID: AXSA:2021-2027:03

Release date: 
Thursday, June 17, 2021 - 13:37
Subject: 
dhcp-4.1.1-63.P1.0.2.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast address.
The dhcp packages provide a relay agent and ISC DHCP service required to enable
and administer DHCP on a network.

Security Fix(es):

* dhcp: stack-based buffer overflow when parsing statements with
colon-separated hex digits in config or lease files in dhcpd and dhclient
(CVE-2021-25217)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-25217
Affected versions: ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16 and ISC DHCP 4.4.0 ->
4.4.2. Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower
and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no
longer supported by ISC. From inspection it is clear that the defect is also
present in releases from those series, but they have not been officially tested
for the vulnerability.

The outcome of encountering the defect while reading a lease that will trigger
it varies according to:

* the component being affected (i.e., dhclient or dhcpd)
* whether the package was built as a 32-bit or 64-bit binary
* whether the compiler flag -fstack-protection-strong was used when compiling

In dhclient, ISC has not successfully reproduced the error on a 64-bit system.
However, on a 32-bit system it is possible to cause dhclient to crash when
reading an improper lease, which could cause network connectivity problems for
an affected system due to the absence of a running DHCP client process.

In dhcpd, when run in DHCPv4 or DHCPv6 mode:

* If the dhcpd server binary was built for a 32-bit architecture AND the
-fstack-protection-strong flag was specified to the compiler, dhcpd may exit
while parsing a lease file containing an objectionable lease, resulting in lack
of service to clients. Additionally, the offending lease and the lease
immediately following it in the lease database may be improperly deleted.
* If the dhcpd server binary was built for a 64-bit architecture OR if the
-fstack-protection-strong compiler flag was NOT specified, the crash will not
occur, but it is possible for the offending lease and the lease which
immediately followed it to be improperly deleted.
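
As an added example (not part of this advisory and not ISC or Asianux code), the following Python check reads the two build properties the description above keys on and reports which of the described outcomes applies to a given dhclient or dhcpd binary. Assumptions: the function names and `sample_elf` are hypothetical, and the presence of the `__stack_chk_fail` symbol name is used as a heuristic for a stack-protector build; it cannot tell which stack-protector level was used.

```python
import sys

ELF_MAGIC = b"\x7fELF"
CANARY_SYMBOL = b"__stack_chk_fail"  # heuristic: referenced by stack-protector builds

def elf_bits(data):
    """Return 32 or 64 from the EI_CLASS byte of the ELF header, else None."""
    if len(data) < 5 or data[:4] != ELF_MAGIC:
        return None
    return {1: 32, 2: 64}.get(data[4])

def triage(component, data):
    """Return the outcome the advisory describes for this component and build."""
    bits = elf_bits(data)
    if bits is None:
        raise ValueError("not an ELF binary")
    canary = CANARY_SYMBOL in data
    if component == "dhclient":
        if bits == 32:
            return "crash possible when reading an improper lease"
        return "crash not reproduced by ISC on 64-bit"
    if component == "dhcpd":
        if bits == 32 and canary:
            return "may exit while parsing the lease file; leases may be deleted"
        return "no crash expected; offending and following lease may be deleted"
    raise ValueError("component must be 'dhclient' or 'dhcpd'")

def sample_elf(bits, canary):
    """Constructed stand-in for a binary: ELF ident bytes plus optional symbol name."""
    ident = ELF_MAGIC + bytes([1 if bits == 32 else 2]) + b"\x01\x01" + b"\x00" * 9
    return ident + (b"\x00" + CANARY_SYMBOL + b"\x00" if canary else b"")

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py dhcpd|dhclient /path/to/binary
        with open(sys.argv[2], "rb") as fh:
            print(triage(sys.argv[1], fh.read()))
    else:  # no arguments: run over the constructed samples
        for comp in ("dhclient", "dhcpd"):
            for bits in (32, 64):
                for canary in (True, False):
                    print(comp, bits, canary, "->", triage(comp, sample_elf(bits, canary)))
```

Every outcome it reports still calls for the package update listed under Solution; the result only indicates whether a crash or silent lease deletion is the expected symptom on an unpatched host.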

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. dhcp-4.1.1-63.P1.0.2.AXS4.src.rpm
    MD5: ea2b27ed87cc641fa54abb099dbe2d5d
    SHA-256: 0f4314d39eea3e6ceea0b28887ee57e67165f723c593106674cac63f27f2d874
    Size: 1.26 MB

Asianux Server 4 for x86
  1. dhclient-4.1.1-63.P1.0.2.AXS4.i686.rpm
    MD5: 39480a3b39dfaa971eec3fa15d3f4f7c
    SHA-256: dad9a4aba5953adaec6ed7cdbadaf252348eb1d7e96d62c357160d8d8416b852
    Size: 321.29 kB
  2. dhcp-4.1.1-63.P1.0.2.AXS4.i686.rpm
    MD5: 5e5983ffc60fa47ddd029f87c7e98a15
    SHA-256: d5dea7a723a0d4193d0a1cde9135f22257e64b7819443799b5d7d6677e5ac33e
    Size: 825.60 kB
  3. dhcp-common-4.1.1-63.P1.0.2.AXS4.i686.rpm
    MD5: 30da6a90adbd2d90765ff21ce48991fc
    SHA-256: c03f9801a89c226b96e798dd35038346472f6ad71170ecee73cf0a04544c2c5b
    Size: 145.04 kB

Asianux Server 4 for x86_64
  1. dhclient-4.1.1-63.P1.0.2.AXS4.x86_64.rpm
    MD5: 2c6e35417651856f1dd16fc05366a2cf
    SHA-256: fd95cf85fbeee49e812ddd95072bda517a862fd58bb567e142c6694cd5005f63
    Size: 322.21 kB
  2. dhcp-4.1.1-63.P1.0.2.AXS4.x86_64.rpm
    MD5: 2d7939065f7237b46bceb266e4b47872
    SHA-256: aa1c06256c57d33bd7b2b520e172e48fcbe04500f35befb37306a7b7f5546e47
    Size: 823.72 kB
  3. dhcp-common-4.1.1-63.P1.0.2.AXS4.x86_64.rpm
    MD5: da6177f364330a1e877fd9cb6820a494
    SHA-256: ff60639163a82057f375c4204625a2c74ce8f45f7708ceff94d7ca76632865e1
    Size: 144.59 kB