ISC DHCP 4.2.4-P1 is now available

Shawn Routhier sar at isc.org
Tue Jul 24 18:21:10 UTC 2012


ISC DHCP 4.2.4-P1 is now available for download.

This is a production release of 4.2.4-P1, a patch release
that includes several security patches.

The security advisories can be found at:
https://kb.isc.org/article/AA-00712
https://kb.isc.org/article/AA-00714
https://kb.isc.org/article/AA-00737

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

http://www.isc.org/software/dhcp/424-p1

This release, and its OpenPGP-signatures are available now from:

    ftp://ftp.isc.org/isc/dhcp/4.2.4-P1/dhcp-4.2.4-P1.tar.gz
    ftp://ftp.isc.org/isc/dhcp/4.2.4-P1/dhcp-4.2.4-P1.tar.gz.sha512.asc
    ftp://ftp.isc.org/isc/dhcp/4.2.4-P1/dhcp-4.2.4-P1.tar.gz.sha256.asc
    ftp://ftp.isc.org/isc/dhcp/4.2.4-P1/dhcp-4.2.4-P1.tar.gz.sha1.asc

ISC's Release Signing Key can be obtained at:

    http://www.isc.org/about/openpgp/

			Changes since 4.2.4

! Previously the server code was relaxed to allow packets with zero
  length client ids to be processed.  Under some situations use of
  zero length client ids can cause the server to go into an infinite
  loop.  As such ids are not valid according to RFC 2132 section 9.14
  the server no longer accepts them.  Client ids with a length of 1
  are also invalid but the server still accepts them in order to
  minimize disruption.  The restriction will likely be tightened in
  the future to disallow ids with a length of 1.
  Thanks to Markus Hietava of Codenomicon CROSS project for the
  finding this issue and CERT-FI for vulnerability coordination.
  [ISC-Bugs #29851]
  CVE: CVE-2012-3571

! When attempting to convert a DUID from a client id option
  into a hardware address handle unexpected client ids properly.
  Thanks to Markus Hietava of Codenomicon CROSS project for the
  finding this issue and CERT-FI for vulnerability coordination.
  [ISC-Bugs #29852]
  CVE: CVE-2012-3570

! A pair of memory leaks were found and fixed.  Thanks to
  Glen Eustace of Massey University, New Zealand for finding
  this issue.
  [ISC-Bugs #30024]
  CVE: CVE-2012-3954



More information about the dhcp-announce mailing list