| Summary: | <net-misc/dhcpcd-6.4.3: Denial of service (CVE-2014-6060) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | William Hubbs <williamh> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | base-system |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://seclists.org/oss-sec/2014/q3/261 | | |
| Whiteboard: | A3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
William Hubbs
2014-07-30 18:42:42 UTC
Please test and stabilize asap.

Thanks,
William

x86 stable

CVE request: http://seclists.org/oss-sec/2014/q3/261

Stable for HPPA.

Stable on alpha.

Marked ppc/ppc64 stable.

ia64 stable

sparc stable

arm stable

Cleanup, please! glsa request filed.

All vulnerable versions have been removed.

Thanks,
William

This issue was resolved and addressed in GLSA 201409-03 at http://security.gentoo.org/glsa/glsa-201409-03.xml by GLSA coordinator Mikle Kolyada (Zlogene).

CVE-2014-6060 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6060): The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
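The CVE text above describes an option-overload flag being reset from inside an overloaded field. The following is an added example, not part of this bug report and not dhcpcd's code: a minimal option lookup that honours option 52 only in the main options field and enters each overloaded field at most once. The names `dhcp_fields`, `scan_field`, `find_option` and `sample_msg` are hypothetical, the message layout is reduced to the three option-bearing fields, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_HOSTNAME = 12, OPT_OVERLOAD = 52, OPT_END = 255 };
/* Hypothetical reduced message: only the three option-bearing fields. */
struct dhcp_fields {
    const uint8_t *options; size_t options_len;
    uint8_t sname[64], file[128];
};

/* Scan one field for `want`. Option 52 is honoured only if `overload` != NULL. */
static const uint8_t *scan_field(const uint8_t *p, size_t n, uint8_t want,
                                 size_t *len, uint8_t *overload) {
    const uint8_t *found = NULL;
    size_t i = 0;
    while (i < n) {
        uint8_t code = p[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END || i >= n) break;      /* end, or no length byte */
        size_t l = p[i++];
        if (l > n - i) break;                      /* length overruns the field */
        if (code == OPT_OVERLOAD && overload && l == 1) *overload = p[i] & 3;
        if (code == want && !found) { found = p + i; *len = l; }
        i += l;
    }
    return found;
}

/* Order: options, then file (bit 1), then sname (bit 2). Each field is entered
 * at most once; option 52 inside file or sname cannot change what is scanned. */
const uint8_t *find_option(const struct dhcp_fields *m, uint8_t want, size_t *len) {
    uint8_t ov = 0;
    const uint8_t *r = scan_field(m->options, m->options_len, want, len, &ov);
    if (!r && (ov & 1)) r = scan_field(m->file, sizeof m->file, want, len, NULL);
    if (!r && (ov & 2)) r = scan_field(m->sname, sizeof m->sname, want, len, NULL);
    return r;
}

/* Constructed sample: options overloads `file`; `file` repeats option 52 (=3). */
struct dhcp_fields sample_msg(void) {
    static const uint8_t opts[] = { OPT_OVERLOAD, 1, 1, OPT_END };
    return (struct dhcp_fields){ opts, sizeof opts, { 15, 1, 'x', OPT_END },
        { OPT_OVERLOAD, 1, 3, OPT_HOSTNAME, 4, 'h', 'o', 's', 't', OPT_END } };
}

int main(void) {
    struct dhcp_fields m = sample_msg();
    size_t len = 0;
    return find_option(&m, OPT_HOSTNAME, &len) && len == 4 ? 0 : 1;
}
```

With the sample message, the host name is read from `file`, while the option 52 repeated inside `file` is ignored, so `sname` is never parsed and the lookup terminates.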