dhcp-4.3.6-49.el8

エラータID: AXSA:2023-5859:04

Release date: 
Tuesday, June 6, 2023 - 08:09
Subject: 
dhcp-4.3.6-49.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort (CVE-2022-2928)
* dhcp: DHCP memory leak (CVE-2022-2929)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-2928
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CVE-2022-2929
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.

Solution: 

Update packages.

CVEs: 
CVE-2022-2928
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CVE-2022-2929
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
Additional Info: 

N/A

Download: 

SRPMS
  1. dhcp-4.3.6-49.el8.src.rpm
    MD5: 8910c27a1cb8e43b6e7c5b5d5a6e6961
    SHA-256: 4da3abd9c35e1e0c3756441e249120265a04af6fc4ca3e1cc7d615dec24119cf
    Size: 9.91 MB

Asianux Server 8 for x86_64
  1. dhcp-client-4.3.6-49.el8.x86_64.rpm
    MD5: f3666ffdc21054dd7224b5bd01da9ebe
    SHA-256: 6377a34a5c172aeee2a6ba22b58f250795f4260e22e43528cc78bd0c0e4e9541
    Size: 317.29 kB
  2. dhcp-common-4.3.6-49.el8.noarch.rpm
    MD5: f8d3dcf5a06f21c7383aebbae35fc7ab
    SHA-256: b1875addd5917e9d80f5e95444a26b481b987aec324259e9e0322eb60b88a296
    Size: 206.41 kB
  3. dhcp-libs-4.3.6-49.el8.i686.rpm
    MD5: 1557250e34b552e3610184d0208222d0
    SHA-256: c44d7695bf0c99fa51421c45a63475d24d132fe28ee6ceceaec038cfcad89e29
    Size: 152.31 kB
  4. dhcp-libs-4.3.6-49.el8.x86_64.rpm
    MD5: 7a5e78fecc8ed6c0a655a4ce84e159a8
    SHA-256: c4246918b39542031fa7921573c2ca8d92ca0d5c5c402eea0810684a2737a9ed
    Size: 147.04 kB
  5. dhcp-relay-4.3.6-49.el8.x86_64.rpm
    MD5: dea065077e4acd157ae99794585b191e
    SHA-256: 65732ec0458dc135762096d87c60f23848dbd805df3b2c5e3cb7a88d584c7b17
    Size: 235.71 kB
  6. dhcp-server-4.3.6-49.el8.x86_64.rpm
    MD5: c5c86b7c6c68713e55e79b2cb111a9ac
    SHA-256: 637f51b9e9e330ab9c03aae992c5680a59d61576546c24b53efbf873c189c64c
    Size: 529.25 kB