SUSE-SU-2016:0481-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2016:0481-1

UNKNOWN

Security update for dhcp

Published Feb 16, 2016

Modified 10 years ago

Fix available

Details

This update for dhcp fixes the following issues:

CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305)

The following bugs were fixed:

bsc#936923: Improper lease duration checking
bsc#880984: Integer overflows in the date and time handling code
bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes
bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly
bsc#928390: dhclient dit not expose next-server DHCPv4 option to script
bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly

Affected Packages

dhcp

SUSE Linux Enterprise Desktop 11 SP3SUSE Linux Enterprise Desktop 11 SP4SUSE Linux Enterprise Server 11 SP3SUSE Linux Enterprise Server 11 SP3-TERADATASUSE Linux Enterprise Server 11 SP4

Fixed in:

4.2.4.P2-0.24.1

dhcp-client

SUSE Linux Enterprise Desktop 11 SP3SUSE Linux Enterprise Desktop 11 SP4SUSE Linux Enterprise Server 11 SP3SUSE Linux Enterprise Server 11 SP3-TERADATASUSE Linux Enterprise Server 11 SP4

Fixed in:

4.2.4.P2-0.24.1

dhcp-relay

SUSE Linux Enterprise Server 11 SP3SUSE Linux Enterprise Server 11 SP3-TERADATASUSE Linux Enterprise Server 11 SP4SUSE Linux Enterprise Server for SAP Applications 11 SP3SUSE Linux Enterprise Server for SAP Applications 11 SP4

Fixed in:

4.2.4.P2-0.24.1

dhcp-server

Fixed in:

4.2.4.P2-0.24.1

dhcp-devel

SUSE Linux Enterprise Software Development Kit 11 SP3SUSE Linux Enterprise Software Development Kit 11 SP4

Fixed in:

4.2.4.P2-0.24.1

References

REPORT

https://bugzilla.suse.com/880984