CVE-2010-2156 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2156): ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote attackers to cause a denial of service (server exit) via a zero-length client ID.
Note: 4.1.x is hardmasked.
base-system, please commit updated ebuilds and remove the vulnerable versions.
There is ebuild on http://code.google.com/p/barzog-gentoo-overlay/ that seems to be working for me on amd64 (at least the client part)... with one exception: there is typo in dhcp-4.0-dhclient-resolvconf.patch taken from portage tree, here is a fix: --- /usr/portage/net-misc/dhcp/files/dhcp-4.0-dhclient-resolvconf.patch 2008-09-04 14:39:45.000000000 +0200 +++ /usr/local/portage/net-misc/dhcp/files/dhcp-4.0-dhclient-resolvconf.patch 2010-06-29 18:57:12.000000000 +0200 @@ -5,7 +5,7 @@ #!/bin/sh make_resolv_conf() { -+ if [ x"$PEER_DNS" != x ] && [ x$"PEER_DNS" != xyes ]; then ++ if [ x"$PEER_DNS" != x ] && [ x"$PEER_DNS" != xyes ]; then + return 0 + fi + local conf=
Created attachment 236939 [details, diff] corrected dhcp-4.0-dhclient-resolvconf.patch Sorry, the typo mentioned above is in the patch multiple times... attaching corrected patch.
dhcp-4.2.1 now in the tree and all other dhcp-4.x ebuilds punted. since this is still masked, i'll close out the bug.
