GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Apr 08, 2018 5:26 pm Post subject: [ glsa 201804-05 ] isc dhcp |
|
|
Gentoo Linux Security Advisory
Title: ISC DHCP: Multiple vulnerabilities (GLSA 201804-05)
Severity: normal
Exploitable: remote
Date: 2018-04-08
Bug(s): #644708, #649010
ID: 201804-05
Synopsis
Multiple vulnerabilities have been found in ISC DHCP, the worst of
which could allow for the remote execution of arbitrary code.
Background
ISC DHCP is a Dynamic Host Configuration Protocol (DHCP) client/server.
Affected Packages
Package: net-misc/dhcp
Vulnerable: < 4.3.6_p1
Unaffected: >= 4.3.6_p1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in ISC DHCP. Please review
the CVE identifiers referenced below for details.
Impact
Remote attackers could execute arbitrary code, cause a Denial of Service
condition, or have other unspecified impacts.
Workaround
There are no known workarounds at this time for CVE-2018-5732 or
CVE-2018-5733.
In accordance with upstream documentation, the recommended workaround
for CVE-2017-3144 is, “to disallow access to the OMAPI control port
from unauthorized clients (in accordance with best practices for server
operation).”
Resolution
All DHCP users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/dhcp-4.3.6_p1"
|
References
CVE-2017-3144
CVE-2018-5732
CVE-2018-5733 |
|