Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New dhcp packages fix arbitrary code execution Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian The patch used to correct the DHCP server buffer overflow in DSA-1388-1 was incomplete and did not adequately resolve the problem. This update to the previous advisory makes available updated packages based on a newer version of the patch.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1388-3                               Noah Meyerhans
October 29, 2007          
- ------------------------------------------------------------------------

Package        : dhcp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5365
Debian Bug     : 446354

The patch used to correct the DHCP server buffer overflow in DSA-1388-1
was incomplete and did not adequately resolve the problem.  This update
to the previous advisory makes available updated packages based on a
newer version of the patch.

For the stable distribution (etch), this problem has been fixed in
version 2.0pl5-19.5etch2

Updates to the old stable version (sarge) are pending.

We recommend that you upgrade your dhcp packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:      683 0b58f9e8eb121cf97c069580fe7f8d2a
    Size/MD5 checksum:   109536 e05751df16af9fef3826de1b13b19694
    Size/MD5 checksum:   294909 ab22f363a7aff924e2cc9d1019a21498

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   115986 5a3fad1441184f67ebfd259e225b8deb
    Size/MD5 checksum:   122958 70cf5573cdb9df0ade56fd58963526f7
    Size/MD5 checksum:    81466 59a2774d3cbf426c116cda5b37004b02
    Size/MD5 checksum:    53328 fc6a74bbf4ca3d11266894022967d215

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   115646 5fb5be9e0df58591e2f09984b107b6ff
    Size/MD5 checksum:    76622 699bdea9722e30a17d893a5fdfc59b3c
    Size/MD5 checksum:   109336 aca4a6dfbe89e12da8b5f57031c6749a
    Size/MD5 checksum:    46762 b7ab045411264337a230c0e0547e976c

arm architecture (ARM)
    Size/MD5 checksum:   114446 e706691fe1b1da3e48556f3f3a2759dc
    Size/MD5 checksum:    44804 a7de3008bff776bc41f57939d6baef0c
    Size/MD5 checksum:    74574 c357f51c69cacd0c5e7f746735b050ee
    Size/MD5 checksum:   107660 c0426fafa16454f4f3613b669be104b3

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   115078 77698ad1416708c1bba42286717a6a38
    Size/MD5 checksum:   109288 ba099d48d08c7b63f17c901505069a93
    Size/MD5 checksum:    77218 631787f11690111a20ca8e06da223955
    Size/MD5 checksum:    46534 e4563d516472ae7b00640c4faf63a69b

i386 architecture (Intel ia32)
    Size/MD5 checksum:    40922 439ee79ca28a824a3bd702e6d2a4782a
    Size/MD5 checksum:    72582 ad568458d95419eae37cbc05f7df99e0
    Size/MD5 checksum:   111342 02946828ab4646c8c9d40abbb9323f10
    Size/MD5 checksum:   103662 5309abf9853a42438f3b25557e2ea72a

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   135918 1130320929adbd7b5f6bbbdbe7ea8cf4
    Size/MD5 checksum:   142464 88880a0d9631738e8d50d88725405f2a
    Size/MD5 checksum:    72360 4c6b9e4ed5a2b908818f2bdc047302f1
    Size/MD5 checksum:    92714 6b45e56a178149eb662b3ace829f4d1a

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   112086 f3eefe99badef8981c197191cfa7ad39
    Size/MD5 checksum:   118180 bc2b4fcd3d3a7df0ece598e4a0c72ea4
    Size/MD5 checksum:    49302 0a4a229e0e066b8d9fecc75125385899
    Size/MD5 checksum:    78638 a588b355c89a2f5bbd893aaf938740c8

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:   117674 a39185fab632a03793efe3396311f350
    Size/MD5 checksum:    48770 42c311ba6c2052abdddf6c2e6b7aa16a
    Size/MD5 checksum:   111554 86440305699bfed9cd6cd0721b5c032c
    Size/MD5 checksum:    78272 95b3aff8d41ea810ee4d4b1bb75c9eed

powerpc architecture (PowerPC)
    Size/MD5 checksum:    74674 f3377454115baffb9450fb0a0bb51d0f
    Size/MD5 checksum:   105862 4b75aabdc533969677988dbc4bd8e59e
    Size/MD5 checksum:    43066 2edba1128225890a6792f2eecee00058
    Size/MD5 checksum:   112228 a60c4734706546a47127c11765f1d9bf

s390 architecture (IBM S/390)
    Size/MD5 checksum:    53540 8a063f95dd410c93e6b5fe10e091fdc2
    Size/MD5 checksum:   121934 d5ae65fdd1254df11d692051753efcc8
    Size/MD5 checksum:   116260 29bf7983a2226601124ee0da48072aa2
    Size/MD5 checksum:    80346 fe7c1452e141fc20d16653b857d6ec69

sparc architecture (Sun SPARC/UltraSPARC)
    Size/MD5 checksum:    75060 e8e5a86e2e608771e36755b0f443df83
    Size/MD5 checksum:   112946 cd73de6703a63dc321cf788bab64d52d
    Size/MD5 checksum:   106534 c777f24901a5bdb9db29c3a82da401d8
    Size/MD5 checksum:    43554 516673e6c0d38126058807dbbdf81fe7

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Feds Charged With Stealing Money During Silk Road Investigation
EFF questions US government's software flaw disclosure policy
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.