Pardus: 2011-113: dhcp: Multiple vulnerabilities
Posted by Benjamin D. Thomas   
Multiple vulnerabilities have been fixed in dhcp.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-113           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-09-05
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities have been fixed in dhcp.


Description
==========
CVE-2011-2748:

The server in ISC  DHCP  3.x  and  4.x  before  4.2.2,  3.1-ESV  before
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows  remote  attackers  to
cause a denial of service (daemon exit) via a crafted DHCP packet.



CVE-2011-2749:

The server in ISC  DHCP  3.x  and  4.x  before  4.2.2,  3.1-ESV  before
3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows  remote  attackers  to
cause a denial of service (daemon exit) via a crafted BOOTP packet.


Affected packages:

  Pardus 2009:
    dhcp, all before 4.2.1_p1-27-10
  Pardus 2011:
    dhcp, all before 4.2.1_p1-31-p11


Resolution
=========
There are update(s) for dhcp. You can update them via Package Manager or
with a single command from console:

  Pardus 2009:
    pisi up dhcp

  Pardus 2011:
    pisi up dhcp


References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id010

------------------------------------------------------------------------