SECURITY: ISC DHCP 'dhclient' stack overflow patch releases are now available!

David W. Hankins dhankins at
Tue Jul 14 17:36:43 UTC 2009

ISC DHCP 4.1.0p1, 4.0.1p1, and 3.1.2p1 are all now available for

These releases are patch level releases, correcting a stack overflow
vulnerability in all versions of 'dhclient' when processing large
netmask options.  The vulnerability is recorded as CERT VU#410676,
and CVE-2009-0692.  For more information about this vulnerability,
please refer to the vulnerability notes as they become available;

All ISC dhclient users are urged to upgrade.  'dhcpd' or 'dhcrelay'
users are not affected.

A list of the changes in these releases has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES files within the source
distributions, or on our website:

These releases and their OpenPGP signatures are available now from:

ISC's Release Signing Key can be obtained at:

			Change since base release

! A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask

David W. Hankins	"If you don't do it right the first time,
Software Engineer		     you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
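
The announcement includes no code. As an added illustration (not ISC's patch and not dhclient source), this is one way a DHCP client can check a subnet-mask option before copying it into a fixed-size buffer. The option codes and the 4-byte mask length are from RFC 2132; the function, enum and sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* DHCP option codes from RFC 2132. */
enum { OPT_PAD = 0, OPT_SUBNET_MASK = 1, OPT_END = 255 };

/* Hypothetical status codes for this example. */
enum mask_status { MASK_OK = 0, MASK_ABSENT = 1,
                   MASK_BAD_LENGTH = -1, MASK_TRUNCATED = -2 };

/* Walk a DHCP options field (the bytes after the magic cookie) and copy the
 * subnet mask into a fixed 4-byte buffer only if its declared length is
 * exactly 4 and the value lies entirely inside the received buffer. */
static enum mask_status get_subnet_mask(const uint8_t *opts, size_t len,
                                        uint8_t mask[4])
{
    size_t i = 0;
    while (i < len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;               /* single-byte padding */
        if (code == OPT_END) break;                  /* end of options */
        if (i >= len) return MASK_TRUNCATED;         /* length byte missing */
        size_t olen = opts[i++];
        if (olen > len - i) return MASK_TRUNCATED;   /* value runs past buffer */
        if (code == OPT_SUBNET_MASK) {
            if (olen != 4) return MASK_BAD_LENGTH;   /* never copy olen bytes */
            memcpy(mask, opts + i, 4);               /* size fixed by destination */
            return MASK_OK;
        }
        i += olen;                                   /* skip unrelated option */
    }
    return MASK_ABSENT;
}

/* Constructed sample option fields, not captured traffic. */
static const uint8_t sample_valid[]     = { 53, 1, 5, 1, 4, 255, 255, 255, 0, 255 };
static const uint8_t sample_overlong[]  = { 1, 8, 255, 255, 255, 0, 0, 0, 0, 0, 255 };
static const uint8_t sample_truncated[] = { 1, 4, 255, 255 };

int main(void)
{
    uint8_t m[4] = { 0 };
    printf("valid:     %d\n", get_subnet_mask(sample_valid, sizeof sample_valid, m));
    printf("over-long: %d\n", get_subnet_mask(sample_overlong, sizeof sample_overlong, m));
    printf("truncated: %d\n", get_subnet_mask(sample_truncated, sizeof sample_truncated, m));
    return 0;
}
```

The copy length comes from the destination size, never from the length byte in the packet, so an over-long option is rejected instead of being written past the buffer.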