ISC DHCP 4.0.2b2 is now available

Shawn Routhier sar at
Tue Sep 1 02:11:48 UTC 2009

ISC DHCP 4.0.2b2 is now available for download.

This is the SECOND BETA of ISC DHCP 4.0.2 which contains a number of bug

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source
distribution, or on our website:

and click on "read more and download"

This release, and its OpenPGP-signatures are available now from:

ISC's Release Signing Key can be obtained at:

			Changes since 4.0.2b1

- Fixed a bug where an OMAPI socket disconnection message would not
  result in scheduling a failover reconnection, if the link had not
  negotiated a failover connect yet (e.g.: connection refused, asynch
  socket connect() timeouts).

- A bug was fixed that caused the 'conflict-done' state to fail to be
  parsed in failover state records.

! A stack overflow vulnerability was fixed in dhclient that could allow
  remote attackers to execute arbitrary commands as root on the system,
  or simply terminate the client, by providing an over-long subnet-mask
  option.  CERT VU#410676 - CVE-2009-0692

- Versions 3.0.x syntax with multiple name->code option definitions is
  now supported.  Note that, similarly to 3.0.x, for by-code lookups
  only the last option definition is used.

- Fixed a bug where a time difference of greater than 60 seconds between
  a failover pair could cause the primary to crash on contact with the
  secondary.  Thanks to a patch from Steinar Haug.

- Don't look for IPv6 interfaces on Linux when running in DHCPv4 mode.
  Thanks to patches from Matthew Newton and David Cantrell.

- Secondary servers in a failover pair will now perform ddns removals if
  they had performed ddns updates on a lease that is expiring, or was
  released through the primary.  As part of the same fix, stale binding
  scopes will now be removed if a change in identity of a lease's active
  client is detected, rather than simply if a lease is noticed to have
  expired (which it may have expired without a failover server noticing
  in some situations).

- A patch supplied by David Cantrell at RedHat was applied that detects
  invalid calling parameters given to the ns_name_ntop() function.
  Specifically, it detects if the caller passed a pointer and size pair
  that causes the pointer to integer-wrap past zero.

- Fixed a fenceposting bug when a client had two host records
  configured,  one using 'uid' and the other using 'hardware ethernet'.

More information about the dhcp-workers mailing list