SECURITY: ISC DHCP 'dhclient' stack overflow patch releases are now available!
David W. Hankins
dhankins at isc.org
Tue Jul 14 17:36:43 UTC 2009
ISC DHCP 4.1.0p1, 4.0.1p1, and 3.1.2p1 are all now available for
These releases are patch level releases, correcting a stack overflow
vulnerability in all versions of 'dhclient' when processing large
netmask options. The vulnerability is recorded as CERT VU#410676,
and CVE-2009-0692. For more information about this vulnerability,
please refer to the vulnerability notes as they become available;
All ISC dhclient users are urged to upgrade. 'dhcpd' or 'dhcrelay'
users are not affected.
A list of the changes in these releases has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES files within the source
distributions, or on our website:
These releases, and their OpenPGP-signatures are available now from:
ISC's Release Signing Key can be obtained at:
Change since base release
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
David W. Hankins
Software Engineer
Internet Systems Consortium, Inc.

"If you don't do it right the first time, you'll just have to do it again."
    -- Jack T. Hankins
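
Added example, not part of the original announcement and not ISC's code: the kind of length check whose absence leads to this class of bug, shown on a DHCPv4 options field as laid out in RFC 2132 (subnet mask is option code 1 with exactly 4 bytes of data). The function name, macro names and sample bytes are constructed for illustration; the announcement does not show the affected dhclient code.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DHO_PAD          0    /* RFC 2132 pad option, no length byte */
#define DHO_SUBNET_MASK  1    /* RFC 2132 subnet mask, exactly 4 bytes */
#define DHO_END          255  /* RFC 2132 end option */

/* Hypothetical helper (not ISC code): walk a DHCPv4 options field and copy
 * the subnet mask into a fixed 4-byte buffer. Returns 0 on success, -1 if
 * the field is malformed, the mask is missing, or its length is not 4. */
int extract_subnet_mask(const uint8_t *opts, size_t opts_len, uint8_t mask[4])
{
    size_t i = 0;
    int found = 0;

    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == DHO_PAD)
            continue;
        if (code == DHO_END)
            break;
        if (i >= opts_len)
            return -1;              /* length byte missing */
        size_t len = opts[i++];
        if (len > opts_len - i)
            return -1;              /* value runs past the end of the field */
        if (code == DHO_SUBNET_MASK) {
            /* The length byte is chosen by the server. Compare it with the
             * destination size before copying, never copy len bytes blindly. */
            if (len != 4)
                return -1;
            memcpy(mask, &opts[i], 4);
            found = 1;
        }
        i += len;
    }
    return found ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: a subnet-mask option claiming 8 bytes of data. */
    const uint8_t overlong[] = {1, 8, 255, 255, 255, 255, 255, 255, 255, 255, 255};
    uint8_t mask[4];
    return extract_subnet_mask(overlong, sizeof overlong, mask) == -1 ? 0 : 1;
}
```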