dhcp-4.3.6-44.el8.1
Errata ID: AXSA:2021-2197:04
Release date:
2021/07/12 Monday - 07:21
Title:
dhcp-4.3.6-44.el8.1
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
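The following issues have been addressed.
[Security Fix]
- DHCP has a flaw in how it reads leases: dhclient and dhcpd may crash when they
read an improper lease, a vulnerability that can cause network connectivity
problems on DHCP clients. (CVE-2021-25217)
Solution:
Update the packages.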
CVE:
CVE-2021-25217
In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to:
- the component being affected (i.e., dhclient or dhcpd)
- whether the package was built as a 32-bit or 64-bit binary
- whether the compiler flag -fstack-protection-strong was used when compiling
In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.
In dhcpd, when run in DHCPv4 or DHCPv6 mode:
- if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
- if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.
Additional information:
N/A
Download:
SRPMS
- dhcp-4.3.6-44.el8.1.src.rpm
MD5: a60286ca63a3028ddc7ec13c263a5b0d
SHA-256: 69b8f984cb363092d7e4f1c4716d62c621376561a643bc8d2dba8383e3553927
Size: 9.90 MB
Asianux Server 8 for x86_64
- dhcp-client-4.3.6-44.el8.1.x86_64.rpm
MD5: 5efe118aee081ac9fef401a9c068cb51
SHA-256: fd8af43e6b4483e62075ad813594acd24dc9ca7139414dd5fb6313bc0bcbd8e8
Size: 317.04 kB
- dhcp-common-4.3.6-44.el8.1.noarch.rpm
MD5: e7773f9c98bb887dd613d472d20d6a09
SHA-256: 00be6c236115c1a65f4240c8653c9344723dc295a8917619c29891d961938a9e
Size: 205.98 kB
- dhcp-libs-4.3.6-44.el8.1.x86_64.rpm
MD5: a00fcaf8cdc2f78e305d37e671c98d3b
SHA-256: f86973113a762c187d721d20e33a1f47db4c07f32f5a976fd12122b8ef6d6386
Size: 146.60 kB
- dhcp-relay-4.3.6-44.el8.1.x86_64.rpm
MD5: 6b795f332fb15c4742e86a172081c447
SHA-256: 5d06d6a2c503c4372c928f935a0ad5cf33f4da6c1b3346ba0f356c8f80998f01
Size: 235.40 kB
- dhcp-server-4.3.6-44.el8.1.x86_64.rpm
MD5: 6872b3283017b6faf8ff205395c5e04c
SHA-256: 5a8712ae72b1ec2413b5f6e854f4696948436a5889344a41df10723a68a51082
Size: 528.61 kB
- dhcp-libs-4.3.6-44.el8.1.i686.rpm
MD5: 3d5bbf50afa83c39313ed279895df148
SHA-256: 711f9d51ab6faa7e488f64b3711997e94e0bfc7e008f3027769a1906b7edff73
Size: 151.91 kB