[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:23338] [SECURITY] New verion of dhcp released (updated) (from debian-security-announce@lists.debian.org)

From: Hiroshi KISE <fuyuneko@xxxxxxxxxxxx>
Subject: [debian-users:23338] [SECURITY] New verion of dhcp released (updated) (from debian-security-announce@lists.debian.org)
Date: Sat, 29 Jul 2000 17:14:30 +0900
X-ml-info: If you have a question, send e-mail with the body "help" (without quotes) to the address debian-users-ctl@debian.or.jp; help=<mailto:debian-users-ctl@debian.or.jp?body=help>
X-ml-name: debian-users
X-mlserver: fml [fml 3.0pl#17]; post only (only members can post)
X-sender: kise@xxxxxxxxx
References: <20000728141730.3833.qmail@murphy.debian.org>
Message-id: <88aef1xsk7.wl@xxxxxxxxxxxxxxx>
X-mail-count: 23338
User-agent: Wanderlust/1.1.1 (Purple Rain) EMIKO/1.13.9 (Euglena tripteris) FLIM/1.13.2 (Kasanui) APEL/10.2 MULE XEmacs/21.1 (patch 10) (Capitol Reef) (i386-debian-linux)

debian-security-announce@lists.debian.orgからの情報です。

dhcp-client-beta(Debian 2.1、slink)とdhcp-client(Debian 2.2、potato)に、
セキュリティホールを修正したバージョンが出ているそうです。

		パッケージ名		修正版
Debian 2.1:	dhcp-client-beta	2.0b1pl6-0.4
Debian 2.2:	dhcp-client		2.0-3potato2

この問題は1か月前の修正版で解決されていますが、その後、開発元である
ISCが新しいパッチを発表しました。今回出た修正版はこのパッチを適用
したものです。

1か月前の修正版リリースアナウンス:
http://lists.debian.org/debian-security-announce-00/msg00012.html

なお、このセキュリティホールは、リモートからroot権限でコマンドを
実行されてしまうというものです。できるだけ早くアップグレードする
ことをおすすめします。


引用しているメイルは、
http://lists.debian.org/debian-security-announce-00/msg00021.html
でも読めると思われます(このメイルを書いている時点では、まだ入って
いません)。また、
http://www.debian.org/security/
にも掲載されるでしょう。

At Fri, 28 Jul 2000 10:17:27 -0400,
Michael Stone wrote:
> - ------------------------------------------------------------------------
> Debian Security Advisory                             security@debian.org
> http://www.debian.org/security/                            Michael Stone
> July 28, 2000
> - ------------------------------------------------------------------------

> Package: dhcp-client-beta (dhcp-client)
> Vulnerability type: remote root exploit
> Debian-specific: no

> The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
> (potato) are vulnerable to a root exploit. The OpenBSD team reports that
> the client inappropriately executes commands embedded in replies sent
> from a dhcp server. This means that a malicious dhcp server can execute
> commands on the client with root privilages. A previous Debian security
> advisory addressed this issue with package versions 2.0b1pl6-0.3 and
> 2.0-3potato1, but ISC has released a newer patch since the original
> advisory. You should install the latest packages even if you upgraded
> when the last advisory was released.

> The reported vulnerability is fixed in the package dhcp-client-beta
> 2.0b1pl6-0.4 for the current stable release (debian 2.1) and in
> dhcp-client 2.0-3potato2 for the frozen pre-release (debian 2.2). The
> dhcp server and relay agents are built from the same source as the
> client; however, the server and relay agents are not vulnerable to this
> issue and do not need to be upgraded.  We recommend upgrading your
> dhcp-client-beta and dhcp-client immediately.
(以下省略)
-- 
喜瀬“冬猫”浩＠南国沖縄

Prev by Date: [debian-users:23337] Re: Fw: Dedication of the Debian 2.2 release
Next by Date: [debian-users:23339] potato loadlin install (Re: Re: potato installer doesn't assume installation with FAT partition?)
Previous by thread: [debian-users:23336] Re: Fw: Dedication of the Debian 2.2 release
Next by thread: [debian-users:23339] potato loadlin install (Re: Re: potato installer doesn't assume installation with FAT partition?)
Index(es):
- Date
- Thread