dhcp-4.1.1-53.P1.3.0.1.AXS4

エラータID: AXSA:2018-2614:01

Release date: 
Tuesday, March 13, 2018 - 16:09
Subject: 
dhcp-4.1.1-53.P1.3.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

* dhcp: Buffer overflow in dhclient possibly allowing code execution triggered by malicious server (CVE-2018-5732)

* dhcp: Reference count overflow in dhcpd allows denial of service (CVE-2018-5733)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Asianux would like to thank ISC for reporting these issues. Upstream acknowledges Felix Wilhelm (Google) as the original reporter of these issues.

CVE-2018-5732
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2018-5733
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2018-5732
Failure to properly bounds-check a buffer used for processing DHCP options allows a malicious server (or an entity masquerading as a server) to cause a buffer overflow (and resulting crash) in dhclient by sending a response containing a specially constructed options section. Affects ISC DHCP versions 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0
CVE-2018-5733
A malicious client which is allowed to send very large amounts of traffic (billions of packets) to a DHCP server can eventually overflow a 32-bit reference counter, potentially causing dhcpd to crash. Affects ISC DHCP 4.1.0 -> 4.1-ESV-R15, 4.2.0 -> 4.2.8, 4.3.0 -> 4.3.6, 4.4.0.
Additional Info: 

N/A

Download: 

SRPMS
  1. dhcp-4.1.1-53.P1.3.0.1.AXS4.src.rpm
    MD5: 9fda04e86062ff4e960b7edc5c5130c2
    SHA-256: 5511bdf70abbd892353f1ffaa5c3659137f5b51333ebabed3b1da5283cd08a9d
    Size: 1.26 MB

Asianux Server 4 for x86
  1. dhclient-4.1.1-53.P1.3.0.1.AXS4.i686.rpm
    MD5: bf32544d50db51d5314af32186317887
    SHA-256: a2d96cd53ee661c3f2458ceccd1f5a6751001aff68c2d5a848db18b473f67a9b
    Size: 320.26 kB
  2. dhcp-4.1.1-53.P1.3.0.1.AXS4.i686.rpm
    MD5: cc6de4b2778ca51e41693af9598d28cd
    SHA-256: 6d8c3c73501a057c10101a97b90401d526b2025a4a0db6c16634ff12825b321c
    Size: 824.77 kB
  3. dhcp-common-4.1.1-53.P1.3.0.1.AXS4.i686.rpm
    MD5: a6eb0711625903dbfb3317a2bc02ddcf
    SHA-256: 21c08912441df1034f3ae2a054bf3521a3245c29da3209e4db37a51d14a53b5f
    Size: 144.15 kB

Asianux Server 4 for x86_64
  1. dhclient-4.1.1-53.P1.3.0.1.AXS4.x86_64.rpm
    MD5: ecfe5b9710ea7326e3d5e6f61d164995
    SHA-256: 99ea613fc0d092f8d7dbe6a132923a40230b25c66593de87478ccbfac043f4f1
    Size: 321.29 kB
  2. dhcp-4.1.1-53.P1.3.0.1.AXS4.x86_64.rpm
    MD5: 494651a77d5a577ecfbfa03703758269
    SHA-256: 5428a30d2081dd1e162433cb11d822e210e1f4b1aa17e856e09b96120bfc6197
    Size: 822.76 kB
  3. dhcp-common-4.1.1-53.P1.3.0.1.AXS4.x86_64.rpm
    MD5: 21643ecc42a82ab6d88b7eaa8d555caf
    SHA-256: e1a0fc34b770c93e6d411d4f218f95514e501e5f9b407cb5c5fd4e6dd24ad009
    Size: 143.70 kB