On 2019-04-27.03:46, Timo Sigurdsson wrote: > * auth: Use consttime_memequal to avoid latency attack consttime_memequal > is supplied if libc does not support it > dhcpcd >=6.2 <7.2.1 are vulnerable > > * DHCP: Fix a potential 1 byte read overflow with DHO_OPTSOVERLOADED > dhcpcd >=4 <7.2.1 are vulnerable > > * DHCPv6: Fix a potential buffer overflow reading NA/TA addresses > dhcpcd >=7 <7.2.1 are vulnerable
Hi Timo, Thanks for the heads up, I agree with the severity. I'll put together some uploads to fix this in the next few days. -- Regards, Scott Leggett.
signature.asc
Description: PGP signature
