Gentoo: dhcpd buffer overflow vulnerability
Summary
- -------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200301-10 - -------------------------------------------------------------------- DATE : 2003-01-17 10:01 UTC
- --------------------------------------------------------------------
From advisory :
"The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits."
Read the full advisory at /library/2003-cert-advisories/
SOLUTION
It is recommended that all Gentoo Linux users who are running net-misc/dhcp upgrade to dhcp-3.0_p2 as follows:
emerge sync emerge -u dhcp emerge clean
- -------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at lostlogic@gentoo.org - --------------------------------------------------------------------