ISC DHCP 4.0.2b2 is now available
sar at isc.org
Wed Sep 2 21:30:46 UTC 2009
ISC DHCP 4.0.2b2 is now available for download.
This is the SECOND BETA of ISC DHCP 4.0.2 which contains a number of bug
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:
and click on "read more and download"
This release, and its OpenPGP-signatures are available now from:
ISC's Release Signing Key can be obtained at:
Changes since 4.0.2b1
- Fixed a bug where an OMAPI socket disconnection message would not
result in scheduling a failover reconnection, if the link had not
negotiated a failover connect yet (e.g.: connection refused, asynch
socket connect() timeouts).
- A bug was fixed that caused the 'conflict-done' state to fail to be
parsed in failover state records.
! A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option. CERT VU#410676 - CVE-2009-0692
- Versions 3.0.x syntax with multiple name->code option definitions is
now supported. Note that, similarly to 3.0.x, for by-code lookups
only the last option definition is used.
- Fixed a bug where a time difference of greater than 60 seconds between
a failover pair could cause the primary to crash on contact with the
secondary. Thanks to a patch from Steinar Haug.
- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
Thanks to patches from Matthew Newton and David Cantrell.
- Secondary servers in a failover pair will now perform ddns removals if
they had performed ddns updates on a lease that is expiring, or was
released through the primary. As part of the same fix, stale binding
scopes will now be removed if a change in identity of a lease's active
client is detected, rather than simply if a lease is noticed to have
expired (which it may have expired without a failover server noticing
in some situations).
- A patch supplied by David Cantrell at RedHat was applied that detects
invalid calling parameters given to the ns_name_ntop() function.
Specifically, it detects if the caller passed a pointer and size pair
that causes the pointer to integer-wrap past zero.
- Fixed a fenceposting bug when a client had two host records
configured, one using 'uid' and the other using 'hardware ethernet'.
More information about the dhcp-users