 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:022
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : dhcp
 Date    : February 7, 2011
 Affected: 2010.0, 2010.1
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in dhcp:

 The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV
 and 4.1-ESV before 4.1-ESV-R1, and 4.2.x before 4.2.1b1 allows remote
 attackers to cause a denial of service (assertion failure and daemon
 crash) by sending a message over IPv6 for a declined and abandoned
 address (CVE-2011-0413).

 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0413
 _______________________________________________________________________

 Updated Packages:

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
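
The affected upstream version ranges from the Problem Description above, turned into an inventory check. This is an added example, not part of the advisory or of ISC's code. It assumes ISC's release naming (a/b/rc pre-releases, -P patch releases, -ESV-R extended-support releases), reads "4.0.x" as every 4.0 release, and uses a constructed host inventory.

```python
import re

# Rank of the suffix within one numeric release: a < b < rc < final < -P.
_RANK = {"a": 0, "b": 1, "rc": 2, "": 3, "P": 4}
_ESV = re.compile(r"^(\d+)\.(\d+)-ESV(?:-R(\d+))?$")
_REL = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+)|-(P)(\d+))?$")


def parse(version):
    """Return ('esv', (major, minor, R)) or ('rel', (major, minor, patch, rank, n))."""
    m = _ESV.match(version)
    if m:
        return "esv", (int(m[1]), int(m[2]), int(m[3] or 0))
    m = _REL.match(version)
    if not m:
        raise ValueError(f"unrecognised ISC DHCP version: {version!r}")
    tag, n = m[4] or m[6] or "", int(m[5] or m[7] or 0)
    return "rel", (int(m[1]), int(m[2]), int(m[3]), _RANK[tag], n)


def affected(version):
    """True if an upstream version string falls in the CVE-2011-0413 ranges."""
    kind, key = parse(version)
    if kind == "esv":  # "4.0-ESV and 4.1-ESV before 4.1-ESV-R1"
        return (4, 0, 0) <= key < (4, 1, 1)
    branch = key[:2]
    if branch == (4, 0):  # assumption: "4.0.x" means every 4.0 release
        return True
    if branch == (4, 1):  # "4.1.x before 4.1.2-P1"
        return key < parse("4.1.2-P1")[1]
    if branch == (4, 2):  # "4.2.x before 4.2.1b1"
        return key < parse("4.2.1b1")[1]
    return False


def triage(inventory):
    """Hosts running an affected upstream version AND serving DHCPv6."""
    return sorted(h for h, (ver, v6) in inventory.items() if v6 and affected(ver))


# Constructed inventory: host -> (upstream version, DHCPv6 server enabled?)
SAMPLE = {
    "dhcp-a": ("4.1.2", True),
    "dhcp-b": ("4.1.2-P1", True),
    "dhcp-c": ("4.2.0-P2", True),
    "dhcp-d": ("4.1-ESV", False),
    "dhcp-e": ("4.1-ESV-R1", True),
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A distribution package that was patched in place keeps its upstream version string (the advisory says the updated packages "have been patched"), so for packaged installs compare the installed package release against the advisory rather than relying on this check.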