Advisories

Mandriva Advisories

Package name	dhcpcd
Date	July 12th, 2005
Advisory ID	MDKSA-2005:117
Affected versions	10.1, CS3.0, MNF2.0, 10.2
Synopsis	Updated dhcpcd packages fix vulnerabilities

Problem Description

"infamous42md" discovered that the dhcpcd DHCP client could be tricked
into reading past the end of the supplied DHCP buffer, which could
lead to the daemon crashing.

The updated packages have been patched to address this issue.

Updated Packages

Mandrakelinux 10.1

 c690959dc0ba51327c85856cc42c0c05  10.1/RPMS/dhcpcd-1.3.22pl4-4.1.101mdk.i586.rpm
6b830a9a614025aa26c74c831dbbcd24  10.1/SRPMS/dhcpcd-1.3.22pl4-4.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64

 190a7e068611249ab13eba7f0754f30a  x86_64/10.1/RPMS/dhcpcd-1.3.22pl4-4.1.101mdk.x86_64.rpm
6b830a9a614025aa26c74c831dbbcd24  x86_64/10.1/SRPMS/dhcpcd-1.3.22pl4-4.1.101mdk.src.rpm

Corporate Server 3.0

 f12b8268879122dbfbb348856578701e  corporate/3.0/RPMS/dhcpcd-1.3.22pl4-4.1.C30mdk.i586.rpm
3f8e81acc938dd89f9a576cf50baff5f  corporate/3.0/SRPMS/dhcpcd-1.3.22pl4-4.1.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 2dc6f10ac3905c162177222ce57406a0  x86_64/corporate/3.0/RPMS/dhcpcd-1.3.22pl4-4.1.C30mdk.x86_64.rpm
3f8e81acc938dd89f9a576cf50baff5f  x86_64/corporate/3.0/SRPMS/dhcpcd-1.3.22pl4-4.1.C30mdk.src.rpm

Multi Network Firewall 2.0

 9bdd0724708754e99d58230ade8c5a86  mnf/2.0/RPMS/dhcpcd-1.3.22pl4-4.1.M20mdk.i586.rpm
49ee1f24093b7fb73638879b85eab2d4  mnf/2.0/SRPMS/dhcpcd-1.3.22pl4-4.1.M20mdk.src.rpm

Mandriva Linux LE2005

 8d7e2e4f9dd145c72dfa06b662437206  10.2/RPMS/dhcpcd-1.3.22pl4-4.1.102mdk.i586.rpm
f88321c6e99e6ecdd614e79dd938d6b4  10.2/SRPMS/dhcpcd-1.3.22pl4-4.1.102mdk.src.rpm

Mandriva Linux LE2005/X86_64

 442b745b6d43b1fca68a9843e8c55c94  x86_64/10.2/RPMS/dhcpcd-1.3.22pl4-4.1.102mdk.x86_64.rpm
f88321c6e99e6ecdd614e79dd938d6b4  x86_64/10.2/SRPMS/dhcpcd-1.3.22pl4-4.1.102mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1848

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.

URL:

https://mandriva.com/security/advisories

Short link:

https://mandriva.com/content/view/full/1075

Intersites Menu

Mandriva

Tools

Top menu

Advisories

Footer