USN-803-1: dhcp vulnerability



rss-bot
July 14th, 2009, 08:50 PM
Referenced CVEs:
CVE-2009-0692


Description:
===========================================================
Ubuntu Security Notice USN-803-1              July 14, 2009
dhcp3 vulnerability
CVE-2009-0692
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  dhcp3-client                    3.0.3-6ubuntu7.1
  dhcp3-client-udeb               3.0.3-6ubuntu7.1

Ubuntu 8.04 LTS:
  dhcp3-client                    3.0.6.dfsg-1ubuntu9.1
  dhcp3-client-udeb               3.0.6.dfsg-1ubuntu9.1

Ubuntu 8.10:
  dhcp3-client                    3.1.1-1ubuntu2.1
  dhcp3-client-udeb               3.1.1-1ubuntu2.1

Ubuntu 9.04:
  dhcp3-client                    3.1.1-5ubuntu8.1
  dhcp3-client-udeb               3.1.1-5ubuntu8.1

After a standard system upgrade you need to restart any DHCP network
connections utilizing dhclient3 to effect the necessary changes.

Details follow:

It was discovered that the DHCP client as included in dhcp3 did not verify
the length of certain option fields when processing a response from an IPv4
dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a
malicious dhcp server, a remote attacker could cause a denial of service or
execute arbitrary code as the user invoking the program, typically the
'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker
should only be able to cause a denial of service in the DHCP client. In
Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3
profile.





More... (http://www.ubuntu.com/usn/usn-803-1)
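
The class of check the advisory says was missing, as an added example that is not part of the original post and is not code from the dhcp3 package: a DHCP options walker that rejects any option whose length runs past the buffer or differs from the fixed size RFC 2132 assigns to it. The function names and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not ISC dhcp code; names are hypothetical.
 * Option codes and fixed lengths are those defined in RFC 2132. */
enum { OPT_PAD = 0, OPT_SUBNET_MASK = 1, OPT_LEASE_TIME = 51,
       OPT_MSG_TYPE = 53, OPT_SERVER_ID = 54, OPT_END = 255 };

/* Required length for fixed-size options; 0 means variable length. */
static size_t expected_len(uint8_t code)
{
    switch (code) {
    case OPT_SUBNET_MASK: case OPT_LEASE_TIME: case OPT_SERVER_ID: return 4;
    case OPT_MSG_TYPE: return 1;
    default: return 0;
    }
}

/* Walk the options field (the bytes after the magic cookie).
 * Returns 0 and fills mask[4] on success, -1 on any malformed option. */
int parse_subnet_mask(const uint8_t *opts, size_t n, uint8_t mask[4])
{
    size_t i = 0;
    int found = 0;
    while (i < n) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;
        if (code == OPT_END) break;
        if (i >= n) return -1;                    /* length byte missing */
        size_t len = opts[i++];
        if (len > n - i) return -1;               /* value runs past the buffer */
        size_t want = expected_len(code);
        if (want != 0 && len != want) return -1;  /* wrong size for a fixed field */
        if (code == OPT_SUBNET_MASK) {
            memcpy(mask, &opts[i], 4);            /* safe: len == 4 checked above */
            found = 1;
        }
        i += len;
    }
    return found ? 0 : -1;
}

int main(void)
{
    /* Constructed sample: the subnet-mask option claims 8 bytes instead of 4. */
    const uint8_t bad[] = {53, 1, 5, 1, 8, 255, 255, 255, 0, 1, 2, 3, 4, 255};
    uint8_t m[4];
    printf("oversized mask option: %s\n",
           parse_subnet_mask(bad, sizeof bad, m) ? "rejected" : "accepted");
    return 0;
}
```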