Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 875521 (CVE-2022-2928, CVE-2022-2929) - <net-misc/dhcp-4.4.3_p1: Multiple vulnerabilities
Summary: <net-misc/dhcp-4.4.3_p1: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-2928, CVE-2022-2929
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: A3 [glsa+]
Keywords:
Depends on: 877043
Blocks:
  Show dependency tree
 
Reported: 2022-10-05 19:17 UTC by Sam James
Modified: 2023-05-03 11:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-10-05 19:17:03 UTC
From dhcp-announce:

New versions of ISC DHCP are available, containing fixes for CVE-2022-2928
and CVE-2022-2929, about which more information is provided in the ISC Knowledge Base:

   https://kb.isc.org/docs/cve-2022-2928
   https://kb.isc.org/docs/cve-2022-2929


Downloads are available via the ISC download page:

   https://www.isc.org/download#DHCP

and release notes for the updated releases can be viewed via these links:

4.4.3-P1:
https://downloads.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES

4.1-ESV-R16-P2:
https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/dhcp-4.1-ESV-R16-P2-RELNOTES
Comment 1 Larry the Git Cow gentoo-dev 2022-10-05 19:21:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef7d8760852c160b5e3714fe0118c1db75540dd5

commit ef7d8760852c160b5e3714fe0118c1db75540dd5
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-10-05 19:20:01 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-10-05 19:20:33 +0000

    net-misc/dhcp: add 4.4.3_p1
    
    Bug: https://bugs.gentoo.org/875521
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/dhcp/Manifest             |   1 +
 net-misc/dhcp/dhcp-4.4.3_p1.ebuild | 294 +++++++++++++++++++++++++++++++++++++
 2 files changed, 295 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-06 01:17:18 UTC
Also note:

NOTE: This software is now End-Of-Life. 4.4.3 is the final release planned. 
We will continue to keep the public issue tracker and user mailing list open.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 16:39:10 UTC
Please cleanup
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-10-14 17:34:03 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-10-14 18:26:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6b6755d0c062900a0c55af126119728c402c02d

commit b6b6755d0c062900a0c55af126119728c402c02d
Author:     David Seifert <soap@gentoo.org>
AuthorDate: 2022-10-14 18:25:25 +0000
Commit:     David Seifert <soap@gentoo.org>
CommitDate: 2022-10-14 18:25:25 +0000

    net-misc/dhcp: drop 4.4.2_p1-r2, 4.4.3-r1
    
    Bug: https://bugs.gentoo.org/875521
    Signed-off-by: David Seifert <soap@gentoo.org>

 net-misc/dhcp/Manifest                             |   2 -
 net-misc/dhcp/dhcp-4.4.2_p1-r2.ebuild              | 285 --------------------
 net-misc/dhcp/dhcp-4.4.3-r1.ebuild                 | 294 ---------------------
 net-misc/dhcp/files/dhcp-4.4.0-bind-disable.patch  |  22 --
 net-misc/dhcp/files/dhcp-4.4.2-fno-common.patch    |  34 ---
 net-misc/dhcp/files/dhcp-4.4.2-variable-name.patch |  25 --
 6 files changed, 662 deletions(-)
Comment 6 Larry the Git Cow gentoo-dev 2023-05-03 10:33:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=516446058bf5c37647ce7dfc2922a56aeaee107e

commit 516446058bf5c37647ce7dfc2922a56aeaee107e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-05-03 10:32:25 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-05-03 10:33:45 +0000

    [ GLSA 202305-22 ] ISC DHCP: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/792324
    Bug: https://bugs.gentoo.org/875521
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Sam James <sam@gentoo.org>

 glsa-202305-22.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)