Slackware: dhcp multiple vulnerabilities
Posted by LinuxSecurity.com Team   
Slackware Upgraded to dhcp-3.0pl2, which fixes several buffer overflow vulnerabilities, including some which may allow remote attackers to execute arbitrary code on affected systems, though no exploits are known yet.

New DHCP packages are available for Slackware 8.1 and -current
to fix buffer overflow security problems.

Here are the details from the Slackware 8.1 ChangeLog:

----------------------------
Sun Jan 19 11:18:33 PST 2003
patches/packages/dhcp-3.0pl2-i386-1.tgz:  Upgraded to dhcp-3.0pl2,
  which fixes several buffer overflow vulnerabilities, including some
  which may allow remote attackers to execute arbitrary code on affected
  systems, though no exploits are known yet.  For complete information,
  please see:   http://www.cert.org/advisories/CA-2003-01.html
  (* Security fix *)
----------------------------


WHERE TO FIND THE NEW PACKAGES:
-------------------------------
Updated dhcp package for Slackware 8.1: 
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/dhcp-3.0pl2-i386-1.tgz

Updated dhcp package for Slackware-current:  
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-3.0pl2-i386-1.tgz


MD5 SIGNATURES:
---------------

Here are the md5sums for the packages:

Slackware 8.1:
4fb8257a77d683d84b903d57c9694b5f  dhcp-3.0pl2-i386-1.tgz

Slackware-current:
92b1532220ff51936a97362f63f77dce  dhcp-3.0pl2-i386-1.tgz