5246119 2000-07-02  23:14  /97 lines/ Postmaster
Recipient: Bugtraq (import) <11571>
Subject: [Security Announce] dhcp update
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Accept-Language: en, fr
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Mime-Autoconverted: from quoted-printable to 8bit b 
                     mandrakesoft.mandrakesoft.com id KAA08604
X-Loop: security-announce@linux-mandrake.com
X-Sequence: 102
Precedence: list
Message-ID:  <395F5C35.63D61535@mandrakesoft.com>
Date:         Sun, 2 Jul 2000 17:13:57 +0200
Reply-To: security-discuss@linux-mandrake.com
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Gael Duval <gduval@MANDRAKESOFT.COM>
Organization: MandrakeSoft
X-To:         security-announce@linux-mandrake.com
To: BUGTRAQ@SECURITYFOCUS.COM

-------------------------------------

   Linux-Mandrake Security Update

-------------------------------------

Date: July, 2nd 2000

Package name: dhcp

Affected versions: 6.0 6.1 7.0 7.1

Problem:
The OpenBSD team discovered a vulnerability in the dhcp package that
allows remote exploitation by a corrupt dhcp server (or an attacker
pretending to be a dhcp server). If this vulnerability is exploited,
root access can be gained remotely on the host running the dhcp client.
The problem is that input is not checked and, as a result, it is
possible to execute commands remotely when the network config files
are being written on the dhcp client.

Please upgrade to:
md5 sum: 9621fbe7b5fbf14063c4806bf2c1e141
6.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: 0ee7eac80fad4382014c9b2f9181b7d8
6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm


md5 sum: 32915a170c38fe45032e75421dfd4178
6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: 389c7f48a36ec81528e2f9cdaefc0521
6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 6.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm


md5 sum: 431442f90603708c0dae624e5d282a92
7.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: 08b74d01dd76b64ed48719484c8c4fb1
7.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 7.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm


md5 sum: 57ef403c1a6f5734b1ac63dcde854ae8
7.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: d8d3a7bfb145c7c2f5cfdd2127333c67
7.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 7.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ». If you want to
upgrade manually, download the updated package from one of our FTP
server mirrors and upgrade with "rpm -Uvh package_name". All mirrors
are listed on http://www.mandrake.com/en/ftp.php3. Updated packages
are available in the "updates/" directory.

For example, if you are looking for an updated RPM package for
Mandrake 7.1, look for it in: updates/7.1/RPMS/

Notes:
- we give the md5 sum for each package. It lets you check the
integrity of the downloaded package by running the md5sum command on
the package ("md5sum package.rpm").
- you generally do not need to download the source package with a
.src.rpm suffix
(5246119) ------------------------------------------
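
The integrity check described in the notes, as an added example that is not part of the advisory: a shell helper that reads the advisory's "md5 sum:" / path pairs from a saved copy of the message and compares the listed sum with the md5sum of a downloaded file. The function names and the saved advisory file are assumptions; the release has to be given because the same file name is listed with a different sum for each release.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
# After sourcing this file:
#   verify_pkg advisory.txt 7.1 dhcp-client-3.0b1pl12-6mdk.i586.rpm

# expected_md5 ADVISORY RELEASE FILENAME
# Print the sum the advisory lists for RELEASE/<RPMS|SRPMS>/FILENAME.
# Exit status 1 if the advisory has no entry for that release and name.
expected_md5() {
    awk -v rel="$2" -v name="$3" '
        /^md5 sum:/ { sum = tolower($3); next }
        sum != "" && NF {
            # Path line that follows a sum; $NF skips the optional "src:" label.
            n = split($NF, part, "/")
            if (part[1] == rel && part[n] == name) {
                print sum; found = 1; exit
            }
            sum = ""
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# verify_pkg ADVISORY RELEASE FILE
# Returns 0 on match, 1 on mismatch, 2 if not listed, 3 if FILE is unreadable.
verify_pkg() {
    [ -r "$3" ] || { echo "UNREADABLE: $3" >&2; return 3; }
    want=$(expected_md5 "$1" "$2" "$(basename "$3")") || {
        echo "NOT LISTED: $(basename "$3") for release $2" >&2
        return 2
    }
    got=$(md5sum "$3" | awk '{ print $1 }')
    if [ "$got" = "$want" ]; then
        echo "OK: $3"
    else
        echo "MISMATCH: $3 (advisory $want, file $got)" >&2
        return 1
    fi
}
```

Run `rpm -Uvh` only on a file for which `verify_pkg` returns 0.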