A security issue has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service).
The security issue is caused due to an error when handling the expiration time of an active IPv6 lease and may result in a server crash if the lease time is reduced.
The security issue is reported in versions 4.1.x and 4.2.x.
Update to version 4.1-ESV-R7 or 4.2.4-P2.
ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows remote
attackers to cause a denial of service (daemon crash) in opportunistic
circumstances by establishing an IPv6 lease in an environment where the
lease expiration time is later reduced.
4.2.4_p2 is in the tree
Arch teams, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ppc ppc64 s390 sh sparc x86"
Stable for HPPA.
stable ppc ppc64
Adding to existing GLSA draft.
This issue was resolved and addressed in
GLSA 201301-06 at http://security.gentoo.org/glsa/glsa-201301-06.xml
by GLSA coordinator Stefan Behte (craig).