<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">ISC DHCP 4.1-ESV-R6 is now available for download.<div><br></div><div>This is a production release of 4.1-ESV-R6, a maintenance release</div><div>that includes several security patches as well as some bug fixes.</div><div><br></div><div>The security advisories can be found at:</div><div><a href="https://kb.isc.org/article/AA-00712">https://kb.isc.org/article/AA-00712</a></div><div><a href="https://kb.isc.org/article/AA-00737">https://kb.isc.org/article/AA-00737</a></div><div><br></div><div><div>A list of the changes in this release has been appended to the end</div><div>of this message. For a complete list of changes from any previous</div><div>release, please consult the RELNOTES file within the source</div><div>distribution, or on our website:</div><div><br></div><div><a href="http://www.isc.org/software/dhcp/41-esv-r6">http://www.isc.org/software/dhcp/41-esv-r6</a></div><div><br></div><div>This release and its OpenPGP signatures are available now from:</div><div><br></div><div> <a href="ftp://ftp.isc.org/isc/dhcp/4.1-ESV-R6/dhcp-4.1-ESV-R6.tar.gz">ftp://ftp.isc.org/isc/dhcp/4.1-ESV-R6/dhcp-4.1-ESV-R6.tar.gz</a></div><div> <a href="ftp://ftp.isc.org/isc/dhcp/">ftp://ftp.isc.org/isc/dhcp/</a>4.1-ESV-R6/dhcp-4.1-ESV-R6.tar.gz.sha512.asc</div><div> <a href="ftp://ftp.isc.org/isc/dhcp/">ftp://ftp.isc.org/isc/dhcp/</a>4.1-ESV-R6/dhcp-4.1-ESV-R6.tar.gz.sha256.asc</div><div> <a href="ftp://ftp.isc.org/isc/dhcp/">ftp://ftp.isc.org/isc/dhcp/</a>4.1-ESV-R6/dhcp-4.1-ESV-R6.tar.gz.sha1.asc</div><div><br></div><div>ISC's Release Signing Key can be obtained at:</div><div><br></div><div> <a href="http://www.isc.org/about/openpgp/">http://www.isc.org/about/openpgp/</a></div></div><div><br></div><div><div> Changes since 4.1-ESV-R5</div><div><br></div><div>- Correct code to calculate timing values in client to compare</div><div> rebind value to infinity 
instead of renew value.</div><div> Thanks to Chenda Huang from H3C Technologies Co., Limited</div><div> for reporting this issue.</div><div> [ISC-Bugs #29062]</div><div><br></div><div>- Fix some issues in the code for parsing and printing options.</div><div> [ISC-Bugs #22625] - properly print options that have several fields</div><div> followed by an array of something for example "fIa"</div><div> [ISC-Bugs #27289] - properly parse options in declarations that have</div><div> several fields followed by an array of something for example "fIa"</div><div> [ISC-Bugs #27296] - properly determine if we parsed a 16 or 32 bit</div><div> value in evaluate_numeric_expression (extract-int).</div><div> [ISC-Bugs #27314] - properly parse a zero length option from</div><div> a lease file. Thanks to Marius Tomaschewski from SUSE for the report</div><div> and prototype patch for this ticket as well as ticket 27289.</div><div><br></div><div>! Previously the server code was relaxed to allow packets with zero</div><div> length client ids to be processed. Under some situations use of</div><div> zero length client ids can cause the server to go into an infinite</div><div> loop. As such ids are not valid according to RFC 2132 section 9.14</div><div> the server no longer accepts them. Client ids with a length of 1</div><div> are also invalid but the server still accepts them in order to</div><div> minimize disruption. The restriction will likely be tightened in</div><div> the future to disallow ids with a length of 1.</div><div> Thanks to Markus Hietava of Codenomicon CROSS project for</div><div> finding this issue and CERT-FI for vulnerability coordination.</div><div> [ISC-Bugs #29851]</div><div> CVE: CVE-2012-3571</div><div><br></div><div>! A pair of memory leaks were found and fixed. 
Thanks to</div><div> Glen Eustace of Massey University, New Zealand for finding</div><div> this issue.</div><div> [ISC-Bugs #30024]</div><div> CVE: CVE-2012-3954</div></div><div><br></div></body></html>
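<div>The client-id length rule from the CVE-2012-3571 entry above, as an added example that is not ISC's code: a bounds-checked walk of a DHCPv4 options field that rejects a zero-length option 61 and flags a length of 1. The names check_client_id and cid_verdict are hypothetical, the input is assumed to be the options bytes after the magic cookie, and the sample packet is constructed.</div>

```c
#include <stddef.h>
#include <stdint.h>

/* Verdicts for the client identifier (option 61) in one DHCPv4 packet. */
enum cid_verdict {
    CID_ABSENT,     /* no option 61 present */
    CID_OK,         /* length >= 2: type octet plus identifier */
    CID_LEN1,       /* invalid per RFC 2132 9.14, still tolerated for now */
    CID_ZERO_LEN,   /* rejected: the case addressed by CVE-2012-3571 */
    CID_MALFORMED   /* option runs past the end of the buffer */
};
enum { OPT_PAD = 0, OPT_CLIENT_ID = 61, OPT_END = 255 };

/* Walk the options field and classify option 61. Every length is checked
 * against the buffer before use and the cursor always advances, so this
 * loop terminates on any input. */
enum cid_verdict check_client_id(const uint8_t *opts, size_t n)
{
    enum cid_verdict verdict = CID_ABSENT;
    size_t i = 0;

    while (i < n) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD)
            continue;                      /* pad has no length octet */
        if (code == OPT_END)
            break;
        if (i >= n)
            return CID_MALFORMED;          /* missing length octet */
        size_t len = opts[i++];
        if (len > n - i)
            return CID_MALFORMED;          /* value truncated */
        if (code == OPT_CLIENT_ID) {
            if (len == 0)
                return CID_ZERO_LEN;       /* drop the packet */
            verdict = (len == 1) ? CID_LEN1 : CID_OK;
        }
        i += len;
    }
    return verdict;
}

int main(void)
{
    /* Constructed sample: message type (53), zero-length client id, end. */
    static const uint8_t pkt[] = { 53, 1, 1, 61, 0, 255 };
    return check_client_id(pkt, sizeof pkt) == CID_ZERO_LEN ? 0 : 1;
}
```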