5246119 2000-07-02 23:14 /97 lines/ Postmaster
Recipient: Bugtraq (import) <11571>
Subject: [Security Announce] dhcp update
------------------------------------------------------------
Message-ID: <395F5C35.63D61535@mandrakesoft.com>
Date: Sun, 2 Jul 2000 17:13:57 +0200
Reply-To: security-discuss@linux-mandrake.com
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Gael Duval <gduval@MANDRAKESOFT.COM>
Organization: MandrakeSoft
To: BUGTRAQ@SECURITYFOCUS.COM

-------------------------------------
Linux-Mandrake Security Update
-------------------------------------

Date: July, 2nd 2000
Package name: dhcp
Affected versions: 6.0 6.1 7.0 7.1

Problem:

The OpenBSD team discovered a vulnerability in this package that allows for
remote exploitation by a corrupt dhcp server (or an attacker pretending to
be a dhcp server). If this vulnerability is exploited, root access can be
gained remotely on the host running the dhcp client. The problem is that
input is not checked and, as a result, it is possible to execute commands
remotely when the network config files are being written on the dhcp
client.

Please upgrade to:

md5 sum: 9621fbe7b5fbf14063c4806bf2c1e141  6.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
md5 sum: 0ee7eac80fad4382014c9b2f9181b7d8  6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
md5 sum: 9469c360585a2dc69eccf6fbaf3e9099  src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

md5 sum: 32915a170c38fe45032e75421dfd4178  6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
md5 sum: 389c7f48a36ec81528e2f9cdaefc0521  6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
md5 sum: 9469c360585a2dc69eccf6fbaf3e9099  src: 6.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

md5 sum: 431442f90603708c0dae624e5d282a92  7.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
md5 sum: 08b74d01dd76b64ed48719484c8c4fb1  7.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
md5 sum: 9469c360585a2dc69eccf6fbaf3e9099  src: 7.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

md5 sum: 57ef403c1a6f5734b1ac63dcde854ae8  7.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
md5 sum: d8d3a7bfb145c7c2f5cfdd2127333c67  7.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm
md5 sum: 9469c360585a2dc69eccf6fbaf3e9099  src: 7.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ».

If you want to upgrade manually, download the updated package from one of
our FTP server mirrors and upgrade with "rpm -Uvh package_name".

All mirrors are listed on http://www.mandrake.com/en/ftp.php3

Updated packages are available in the "updates/" directory. For example,
if you are looking for an updated RPM package for Mandrake 7.1, look for
it in: updates/7.1/RPMS/

Notes:

- We give the md5 sum for each package. It lets you check the integrity of
  the downloaded package by running the md5sum command on the package
  ("md5sum package.rpm").
- You generally do not need to download the source package with a .src.rpm
  suffix.

(5246119) ------------------------------------------
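
An added example, not part of the original advisory or of Mandrake's tooling: a checker that parses the "md5 sum:" entries in the form the advisory uses and verifies a downloaded package against the entry for the right release, since the binary packages share one file name across 6.0 to 7.1 but have different sums. The function names and the stand-in file are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Entry shape used in the advisory:
#   "md5 sum: <32 hex> [src:] <release>/<RPMS|SRPMS>/<file>.rpm"
ENTRY = re.compile(r"md5 sum:\s*([0-9a-fA-F]{32})\s+(?:src:\s*)?(\S+\.rpm)")

# Two entries copied from the advisory: same file name, different release and sum.
SAMPLE = """
md5 sum: 431442f90603708c0dae624e5d282a92 7.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
md5 sum: 57ef403c1a6f5734b1ac63dcde854ae8 7.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm
"""

def parse_advisory(text):
    """Map (release, file name) -> expected md5 for every entry in the text."""
    table = {}
    for digest, path in ENTRY.findall(text):
        parts = path.split("/")
        table[(parts[0], parts[-1])] = digest.lower()
    return table

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(rpm_path, release, table):
    """Return 'ok', 'mismatch', or 'unlisted' (no entry for this release and name)."""
    expected = table.get((release, Path(rpm_path).name))
    if expected is None:
        return "unlisted"
    return "ok" if md5_of(rpm_path) == expected else "mismatch"

if __name__ == "__main__":
    table = parse_advisory(SAMPLE)
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in file, not a real package: it must not verify.
        fake = Path(d) / "dhcp-3.0b1pl12-6mdk.i586.rpm"
        fake.write_bytes(b"constructed placeholder bytes")
        for release in ("7.0", "7.1", "6.0"):
            print(release, verify(fake, release, table))
```

A matching sum shows only that the file is the one the advisory text names, so the result is as trustworthy as the copy of the advisory it was parsed from.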