From Mageia wiki
Jump to: navigation, search

MGASA-2013-0106

Date: April 4th, 2013
Affected releases: 2
Media: Core


Description:
Updated dhcp packages fix security vulnerability:

Exploitation of a memory exhaustion bug in libdns is theoretically
possible in ISC DHCP before 4.2.5-P1, which uses the library from
BIND 9 for Dynamic DNS.
Servers which are targeted by a successful attack will exhaust all
memory available to the server process, which is likely to crash the
DHCP server and may affect other processes running on the same physical
machine when system memory is exhausted (CVE-2013-2494).


Updated Packages:
i586:
dhcp-client-4.2.5P1-1.mga2.i586.rpm
dhcp-common-4.2.5P1-1.mga2.i586.rpm
dhcp-devel-4.2.5P1-1.mga2.i586.rpm
dhcp-doc-4.2.5P1-1.mga2.i586.rpm
dhcp-relay-4.2.5P1-1.mga2.i586.rpm
dhcp-server-4.2.5P1-1.mga2.i586.rpm
dhcp-debug-4.2.5P1-1.mga2.i586.rpm

x86_64:
dhcp-client-4.2.5P1-1.mga2.x86_64.rpm
dhcp-common-4.2.5P1-1.mga2.x86_64.rpm
dhcp-devel-4.2.5P1-1.mga2.x86_64.rpm
dhcp-doc-4.2.5P1-1.mga2.x86_64.rpm
dhcp-relay-4.2.5P1-1.mga2.x86_64.rpm
dhcp-server-4.2.5P1-1.mga2.x86_64.rpm
dhcp-debug-4.2.5P1-1.mga2.x86_64.rpm

SRPMS:
dhcp-4.2.5P1-1.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494
https://kb.isc.org/article/AA-00880
https://kb.isc.org/article/AA-00891
https://bugs.mageia.org/show_bug.cgi?id=9547