Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: dhcp
Date: Fri, 17 Jan 2003 10:51:11
Message-Id: 20030117104554.B525333B4D@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - --------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200301-10
6 - - --------------------------------------------------------------------
7
8 PACKAGE : dhcp
9 SUMMARY : buffer overflow
10 DATE    : 2003-01-17 10:01 UTC
11 EXPLOIT : remote
12
13 - - --------------------------------------------------------------------
14
15 - From advisory :
16
17 "The Internet Software Consortium (ISC) has discovered several buffer
18 overflow vulnerabilities in their implementation of DHCP (ISC DHCPD).
19 These vulnerabilities may allow remote attackers to execute arbitrary
20 code on affected systems.  At this time, we are not aware of any
21 exploits."
22
23 Read the full advisory at
24 http://www.cert.org/advisories/CA-2003-01.html
25
26 SOLUTION
27
28 It is recommended that all Gentoo Linux users who are running
29 net-misc/dhcp upgrade to dhcp-3.0_p2 as follows:
30
31 emerge sync
32 emerge -u dhcp
33 emerge clean
34
35 - - --------------------------------------------------------------------
36 aliz@g.o - GnuPG key is available at www.gentoo.org/~aliz
37 lostlogic@g.o
38 - - --------------------------------------------------------------------
39 -----BEGIN PGP SIGNATURE-----
40 Version: GnuPG v1.2.1 (GNU/Linux)
41
42 iD8DBQE+J97gfT7nyhUpoZMRAvWAAKCmwJ9SZ9BHqLlVSnpU6uuJdIGR+ACfXpTw
43 ZFnl0fBTQKE3c0ymwNUdQT8=
44 =Ukux
45 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups