-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  dhcp (SSA:2022-278-01)

New dhcp packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz:  Upgraded.
  This update fixes two security issues:
  Corrected a reference count leak that occurs when the server builds
  responses to leasequery packets.
  Corrected a memory leak that occurs when unpacking a packet that has an
  FQDN option (81) that contains a label with length greater than 63 bytes.
  Thanks to VictorV of Cyber Kunlun Lab for reporting these issues.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dhcp-4.4.3_P1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/dhcp-4.4.3_P1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/dhcp-4.4.3_P1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.2.txz

Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz

Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack15.0.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-4.4.3_P1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcp-4.4.3_P1-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 14.0 package:
e429e8478fe65c0c181ccd02a053c108  dhcp-4.4.3_P1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
048b1b6cf2e438616c13c8bb9a97f74a  dhcp-4.4.3_P1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
dd65809816162013a3fb513a178a7b35  dhcp-4.4.3_P1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
db85a1949e4f6c8c6a856ab867e45394  dhcp-4.4.3_P1-x86_64-1_slack14.1.txz

Slackware 14.2 package:
9e0732a1ec9a45c091fc23111a164138  dhcp-4.4.3_P1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
10c5b50ea804e6e139ad108943599ccd  dhcp-4.4.3_P1-x86_64-1_slack14.2.txz

Slackware 15.0 package:
3c78b341d3af7b9770948ba98f6afac7  dhcp-4.4.3_P1-i586-1_slack15.0.txz

Slackware x86_64 15.0 package:
8c4e56a909641a3818d844bb504bd414  dhcp-4.4.3_P1-x86_64-1_slack15.0.txz

Slackware -current package:
df65be9af772690d503e2ad51848c7bf  n/dhcp-4.4.3_P1-i586-1.txz

Slackware x86_64 -current package:
a86b84620a04c0171c6bf1de2a10c9c0  n/dhcp-4.4.3_P1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg dhcp-4.4.3_P1-i586-1_slack15.0.txz

Then, restart the dhcp daemon.


+-----+

Slackware: 2022-278-01: dhcp Security Update

October 5, 2022
New dhcp packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz: Upgraded. This update fixes two security issues: Corrected a reference count leak that occurs when the server builds responses to leasequery packets. Corrected a memory leak that occurs when unpacking a packet that has an FQDN option (81) that contains a label with length greater than 63 bytes. Thanks to VictorV of Cyber Kunlun Lab for reporting these issues. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2928 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2929 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/dhcp-4.4.3_P1-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/dhcp-4.4.3_P1-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/dhcp-4.4.3_P1-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack14.2.txz
Updated package for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/dhcp-4.4.3_P1-i586-1_slack15.0.txz
Updated package for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/dhcp-4.4.3_P1-x86_64-1_slack15.0.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/dhcp-4.4.3_P1-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/dhcp-4.4.3_P1-x86_64-1.txz

MD5 Signatures

Slackware 14.0 package: e429e8478fe65c0c181ccd02a053c108 dhcp-4.4.3_P1-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: 048b1b6cf2e438616c13c8bb9a97f74a dhcp-4.4.3_P1-x86_64-1_slack14.0.txz
Slackware 14.1 package: dd65809816162013a3fb513a178a7b35 dhcp-4.4.3_P1-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: db85a1949e4f6c8c6a856ab867e45394 dhcp-4.4.3_P1-x86_64-1_slack14.1.txz
Slackware 14.2 package: 9e0732a1ec9a45c091fc23111a164138 dhcp-4.4.3_P1-i586-1_slack14.2.txz
Slackware x86_64 14.2 package: 10c5b50ea804e6e139ad108943599ccd dhcp-4.4.3_P1-x86_64-1_slack14.2.txz
Slackware 15.0 package: 3c78b341d3af7b9770948ba98f6afac7 dhcp-4.4.3_P1-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: 8c4e56a909641a3818d844bb504bd414 dhcp-4.4.3_P1-x86_64-1_slack15.0.txz
Slackware -current package: df65be9af772690d503e2ad51848c7bf n/dhcp-4.4.3_P1-i586-1.txz
Slackware x86_64 -current package: a86b84620a04c0171c6bf1de2a10c9c0 n/dhcp-4.4.3_P1-x86_64-1.txz

Severity
[slackware-security] dhcp (SSA:2022-278-01)
New dhcp packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg dhcp-4.4.3_P1-i586-1_slack15.0.txz Then, restart the dhcp daemon.

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
The Kinsing hacker group, or H2Miner, has been orchestrating illicit cryptocurrency mining campaigns since 2019 and poses a persistent security
32.Lock Code Circular Esm H320
2 - 3 min read
The Kimsuky APT group, reportedly linked to North Korea's Reconnaissance General Bureau (RGB), has been identified deploying a Linux version of its
4.Lock AbstractDigital Esm H320
2 - 3 min read
Recent research sheds light on the security vulnerabilities prevalent in Linux vendor kernels due to flawed engineering processes that backport
28.Lock Globe Esm H320
1 - 2 min read
The intersection of Linux and quantum computing has become increasingly apparent, emphasizing the importance of Linux-based operating systems in
6.EmailConnection Touch Esm H320
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
30.Lock Globe Motherboard Esm H320
1 - 2 min read
As cybersecurity practitioners, we are no strangers to the constant threat of malicious actors and the importance of remaining vigilant to protect
22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved