OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Project Master
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-web Date: 08-Jul-2004 21:38:31
Branch: HEAD Handle: 2004070820383100
Modified files:
openpkg-web/security OpenPKG-SA-2004.031-dhcpd.txt
Log:
release OpenPKG Security Advisory 2004.031 (dhcpd)
Summary:
Revision Changes Path
1.2 +18 -9 openpkg-web/security/OpenPKG-SA-2004.031-dhcpd.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.031-dhcpd.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.031-dhcpd.txt
--- openpkg-web/security/OpenPKG-SA-2004.031-dhcpd.txt 8 Jul 2004 13:14:45
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2004.031-dhcpd.txt 8 Jul 2004 19:38:31
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
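Review bot: the added "Hash: SHA1" armor header at the top of the file fixes the cleartext signature to a SHA-1 digest. If the signing key and tooling allow it, sign new advisories with a SHA-2 digest instead, and keep the header line and the signature block at the end of the file generated in one signing step so they cannot drift apart.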
@@ -19,7 +22,7 @@
Description:
As reported by US-CERT [0] Gregory Duchemin discovered several
- vulnerabilities in ISC DHCP Distribution [1] and helped fixing them.
+ vulnerabilities in the ISC DHCP Distribution [1].
Several buffer overflows were closed in logging messages with
excessively long hostnames provided by the clients. The Common
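Review bot: in the first sentence of the Description, the new wording drops "and helped fixing them", which removes the reporter's credit for the fixes, and the log message gives no reason. If that is intended, say so in the commit log; otherwise keep the credit in corrected form ("and helped fix them"). The same sentence also wants a comma after "US-CERT [0]".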
@@ -27,19 +30,18 @@
CAN-2004-0460 [2] to the problem.
Another issue was evident on some specific platforms where the dhcpd
- build mechanism ignored the existence of [v]snprintf(3) functions and
- used the weaker [v]sprintf(3) which lack bounds checking. The RELEASE
- updates enforces use of the favorable functions as it was verified
- they exist on all platforms supported by OpenPKG. The CURRENT update
- contains a vendor fix explicitly providing a suitable function. The
- Common Vulnerabilities and Exposures (CVE) project assigned the id
+ build mechanism ignored the existence of [v]snprintf(3) functions
+ and used the weaker [v]sprintf(3) which lack boundary checking. The
+ RELEASE updates enforce use of the favorable functions after it was
+ verified they exist on all platforms supported by OpenPKG. The CURRENT
+ update contains a vendor fix explicitly providing a suitable function.
+ The Common Vulnerabilities and Exposures (CVE) project assigned the id
CAN-2004-0461 [3] to the problem.
Please check whether you are affected by running "<prefix>/bin/rpm
-q dhcpd". If you have the "dhcpd" package installed and its version
is affected (see above), we recommend that you immediately upgrade
- it (see Solution) and its dependent packages (see above), if any,
- too [4][5].
+ it (see Solution) [4][5].
Solution:
Select the updated source RPM appropriate for your OpenPKG release
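Review bot: in the final paragraph of this hunk, the upgrade recommendation loses "and its dependent packages (see above), if any, too", but nothing in the visible text says whether dependent packages are affected; confirm that none need rebuilding before dropping the clause. In the rewritten [v]sprintf(3) sentence, "which lack boundary checking" still disagrees in number with "the weaker [v]sprintf(3)"; "which lacks bounds checking" reads correctly, and "bounds checking" from the old line is the more usual term.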
@@ -82,3 +84,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFA7aKWgHWT4GPEy58RAs1iAJ9Uz3GmUXo0npwUKIQ2sWXeFO03tACgk6D4
+Nh1gkVYtUUa0/diFjixbv7s=
+=NUn4
+-----END PGP SIGNATURE-----
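Review bot: the signature block added at the end of the file covers the exact advisory text, so it must be generated after the wording edits in the earlier hunks, and any later touch-up to the file will invalidate it; verify the signature on the committed r1.2 file before it is published. The log message says only "release OpenPKG Security Advisory 2004.031 (dhcpd)" and should also mention that the advisory text was edited in this revision.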
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]