MGASA-2013-0106
Date: | April 4th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated dhcp packages fix security vulnerability:
Exploitation of a memory exhaustion bug in libdns is theoretically
possible in ISC DHCP before 4.2.5-P1, which uses the library from
BIND 9 for Dynamic DNS.
Servers which are targeted by a successful attack will exhaust all
memory available to the server process, which is likely to crash the
DHCP server and may affect other processes running on the same physical
machine when system memory is exhausted (CVE-2013-2494).
Updated Packages:
i586:
dhcp-client-4.2.5P1-1.mga2.i586.rpm
dhcp-common-4.2.5P1-1.mga2.i586.rpm
dhcp-devel-4.2.5P1-1.mga2.i586.rpm
dhcp-doc-4.2.5P1-1.mga2.i586.rpm
dhcp-relay-4.2.5P1-1.mga2.i586.rpm
dhcp-server-4.2.5P1-1.mga2.i586.rpm
dhcp-debug-4.2.5P1-1.mga2.i586.rpm
x86_64:
dhcp-client-4.2.5P1-1.mga2.x86_64.rpm
dhcp-common-4.2.5P1-1.mga2.x86_64.rpm
dhcp-devel-4.2.5P1-1.mga2.x86_64.rpm
dhcp-doc-4.2.5P1-1.mga2.x86_64.rpm
dhcp-relay-4.2.5P1-1.mga2.x86_64.rpm
dhcp-server-4.2.5P1-1.mga2.x86_64.rpm
dhcp-debug-4.2.5P1-1.mga2.x86_64.rpm
SRPMS:
dhcp-4.2.5P1-1.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2494
https://kb.isc.org/article/AA-00880
https://kb.isc.org/article/AA-00891
https://bugs.mageia.org/show_bug.cgi?id=9547