Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 98394
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 98394 depends on: Show dependency tree
Bug 98394 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-07-08 14:02 0000 
From Debian ChangeLog:

   * Fix a security hole. A malformed DHCP packet could crash dhcpcd

------- Comment #1 From Matthias Geerdsen 2005-07-09 07:31:07 0000 ------- 
base-system, pls verify/advise

------- Comment #2 From SpanKY 2005-07-09 15:15:23 0000 ------- 
Roy: could you take care of this for us please ?

------- Comment #3 From Roy Marples (RETIRED) 2005-07-10 03:11:52 0000 ------- 
Merged in the patch by Simon Kelly the Debian dhcpcd maintainer.

Punted old ebuilds. r5 becomes r11, r10 becomes r12 - both have fix
r5 remains in the tree as it's marked stable - all others have been punted.

------- Comment #4 From Roy Marples (RETIRED) 2005-07-10 03:30:17 0000 ------- 
r11 has been marked stable for x86 and amd64

------- Comment #5 From Stefan Cornelius (RETIRED) 2005-07-10 03:32:06 0000 ------- 
Calling arches. Please test and mark 1.3.22_p4-r11 stable. Thanks in advance.
(x86 and amd64 already stable)

------- Comment #6 From René Nussbaumer 2005-07-10 07:16:46 0000 ------- 
Stable on hppa

------- Comment #7 From Jason Wever (RETIRED) 2005-07-10 08:21:14 0000 ------- 
Stable on SPARC.

------- Comment #8 From Tobias Scherbaum 2005-07-10 13:29:10 0000 ------- 
marked ppc stable

------- Comment #9 From Matthias Geerdsen 2005-07-11 05:25:58 0000 ------- 
- --------------------------------------------------------------------------
Debian Security Advisory DSA 750-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 11th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : dhcpcd
Vulnerability  : out-of-bound memory access
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1848

"infamous42md" discovered that dhcpcd, a DHCP client for automatically
configuring IPv4 networking, can be tricked into reading past the end
of the supplied DHCP buffer which could lead to the daemon crashing.

------- Comment #10 From Markus Rothe 2005-07-11 10:21:00 0000 ------- 
stable on ppc64

------- Comment #11 From Bryan Østergaard (RETIRED) 2005-07-11 16:01:18 0000 ------- 
Stable on alpha + ia64.

------- Comment #12 From Thierry Carrez (RETIRED) 2005-07-12 01:00:19 0000 ------- 
Ready for GLSA

------- Comment #13 From Stephen Bennett (RETIRED) 2005-07-12 05:20:29 0000 ------- 
mips stable

------- Comment #14 From Thierry Carrez (RETIRED) 2005-07-15 14:01:47 0000 ------- 
GLSA 200507-16
arm should mark stable to benefit from GLSA
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug