Joined: 12 May 2004
|Posted: Sun Apr 08, 2018 5:26 pm Post subject: [ glsa 201804-05 ] isc dhcp
|Gentoo Linux Security Advisory
Title: ISC DHCP: Multiple vulnerabilities (GLSA 201804-05)
Bug(s): #644708, #649010
Multiple vulnerabilities have been found in ISC DHCP, the worst of
which could allow for the remote execution of arbitrary code.
ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.
Vulnerable: < 4.3.6_p1
Unaffected: >= 4.3.6_p1
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in ISC DHCP. Please review
the CVE identifiers referenced below for details.
Remote attackers could execute arbitrary code, cause a Denial of Service
condition, or have other unspecified impacts.
There are no known workarounds at this time for CVE-2018-5732 or
In accordance with upstream documentation, the recommended workaround
for CVE-2017-3144 is, “to disallow access to the OMAPI control port
from unauthorized clients (in accordance with best practices for server
All DHCP users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.3.6_p1"