===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2011.0841
                         ISC DHCP security update
                              11 August 2011

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           isc-dhcp
Publisher:         Debian
Operating System:  Debian GNU/Linux 5
                   Debian GNU/Linux 6
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2011-2749 CVE-2011-2748

Reference:         ESB-2011.0840

Original Bulletin:
   http://www.debian.org/security/2011/dsa-2292

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-2292-1                   security@debian.org
http://www.debian.org/security/                            Florian Weimer
August 11, 2011                        http://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : isc-dhcp
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2011-2748 CVE-2011-2749

David Zych discovered that the ISC DHCP crashes when processing
certain packets, leading to a denial of service.

For the oldstable distribution (lenny), this problem has been fixed in
version 3.1.1-6+lenny6 of the dhcp3 package.

For the stable distribution (squeeze), this problem has been fixed in
version 4.1.1-P1-15+squeeze3 of the isc-dhcp package.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your ISC DHCP packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================