Source: isc-dhcp
Version: 4.4.1-2.2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 4.4.1-2

Hi,

The following vulnerability was published for isc-dhcp.

CVE-2021-25217[0]:
| In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2
| (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or
| lower and releases in the 4.3.x series) are beyond their End-of-Life
| (EOL) and no longer supported by ISC. From inspection it is clear that
| the defect is also present in releases from those series, but they
| have not been officially tested for the vulnerability), The outcome of
| encountering the defect while reading a lease that will trigger it
| varies, according to: the component being affected (i.e., dhclient or
| dhcpd) whether the package was built as a 32-bit or 64-bit binary
| whether the compiler flag -fstack-protection-strong was used when
| compiling In dhclient, ISC has not successfully reproduced the error
| on a 64-bit system. However, on a 32-bit system it is possible to
| cause dhclient to crash when reading an improper lease, which could
| cause network connectivity problems for an affected system due to the
| absence of a running DHCP client process. In dhcpd, when run in DHCPv4
| or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit
| architecture AND the -fstack-protection-strong flag was specified to
| the compiler, dhcpd may exit while parsing a lease file containing an
| objectionable lease, resulting in lack of service to clients.
| Additionally, the offending lease and the lease immediately following
| it in the lease database may be improperly deleted. if the dhcpd
| server binary was built for a 64-bit architecture OR if the
| -fstack-protection-strong compiler flag was NOT specified, the crash
| will not occur, but it is possible for the offending lease and the
| lease which immediately followed it to be improperly deleted.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-25217
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25217
[1] https://kb.isc.org/docs/cve-2021-25217
[2] https://www.openwall.com/lists/oss-security/2021/05/26/6

Regards,
Salvatore