Package "isc-dhcp-server-ldap"
| Name: |
isc-dhcp-server-ldap
|
Description: |
DHCP server that uses LDAP as its backend
|
| Latest version: |
4.3.3-5ubuntu12.9 |
| Release: |
xenial (16.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
isc-dhcp |
| Homepage: |
http://www.isc.org |
Links
Download "isc-dhcp-server-ldap"
Other versions of "isc-dhcp-server-ldap" in Xenial
Changelog
|
isc-dhcp (4.3.3-5ubuntu12.9) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via concurrent TCP sessions
- debian/patches/CVE-2016-2774.patch: limit number of connections in
includes/site.h, omapip/listener.c.
- CVE-2016-2774
* SECURITY UPDATE: DoS via omapi
- debian/patches/CVE-2018-573x.patch: fix socket descriptor leak in
omapip/buffer.c, omapip/message.c.
- CVE-2017-3144
* SECURITY UPDATE: buffer overflow in dhclient
- debian/patches/CVE-2018-573x.patch: check option data size in
common/options.c, add tests to common/tests/Makefile.am,
common/tests/option_unittest.c.
- CVE-2018-5732
* SECURITY UPDATE: reference counter overflow in dhcpd
- debian/patches/CVE-2018-573x.patch: avoid overflow in
common/options.c.
- CVE-2018-5733
* This package does _not_ contain the changes from 4.3.3-5ubuntu12.8 in
xenial-proposed.
-- Marc Deslauriers <email address hidden> Thu, 01 Mar 2018 08:20:48 -0500
|
| CVE-2016-2774 |
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attac |
| CVE-2017-3144 |
dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service |
| CVE-2018-5732 |
A specially constructed response from a malicious server can cause a buffer overflow in dhclient |
| CVE-2018-5733 |
A malicious client can overflow a reference counter in ISC dhcpd |
|
About
-
Send Feedback to @ubuntu_updates
