MGASA-2021-0307

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0307.html

Import Source

https://advisories.mageia.org/MGASA-2021-0307.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0307

Related

CVE-2021-25217

Published

2021-06-30T23:58:41Z

Modified

2021-06-30T22:39:43Z

Summary

Updated dhcp packages fix a security vulnerability

Details

A flaw was found in the Dynamic Host Configuration Protocol (DHCP). There is a discrepancy between the code that handles encapsulated option information inleases transmitted "on the wire" and the code which reads and parses lease information after it has been written to disk storage. This flaw allows an attacker to deliberately cause a situation where dhcpd while running in DHCPv4 or DHCPv6 mode, or the dhclient attempts to read a stored lease that contains option information, to trigger a stack-based buffer overflow in the option parsing code for colon-separated hex digits values. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability (CVE-2021-25217).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / dhcp

Package

Name: dhcp
Purl: pkg:rpm/mageia/dhcp?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.1-3.1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:8 / dhcp

Package

Name: dhcp
Purl: pkg:rpm/mageia/dhcp?distro=mageia-8

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.4.2-10.1.mga8

Ecosystem specific

{
    "section": "core"
}