| Summary: | <net-misc/dhcp-4.3.4: Opening and never closing TCP connections can cause DoS (CVE-2016-2774) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | base-system |
| Priority: | Normal | Flags: | kensington: sanity-check+ |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1315259 | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | =net-misc/dhcp-4.3.4 | | |
| Runtime testing required: | No | | |
Description
Agostino Sarubbo
2016-03-09 15:00:04 UTC
CVE-2016-2774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2774): ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

@maintainer(s), do you want to target 4.3.4 or 4.3.5? Fixed version is 4.3.4.

4.3.5 for stable is fine

amd64 stable

x86 stable

Stable on alpha.

arm stable

ppc64 stable

sparc stable

Stable for HPPA.

ppc stable

ia64 stable. Maintainer(s), please cleanup.

commit c417d2a49de69fa60b408e6bc9c2a372caffe1f8
Author: Lars Wendler <polynomial-c@gentoo.org>
Date: Tue Jan 17 16:58:30 2017

net-misc/dhcp: Security cleanup (bug #576866).

Package-Manager: Portage-2.3.3, Repoman-2.3.1

GLSA Vote: No