[Bluewhite64 Linux Security] dhcp [BW64SA:20090717-01]
Hash: SHA1
[Bluewhite64 Linux Security] dhcp [BW64SA:20090717-01]
New dhcp packages are available for Bluewhite64 Linux 11.0, 12.0, 12.1 and 12.2
to fix a security issue with dhclient.
More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
Here are the details from the Bluewhite64 Linux 12.2 ChangeLog:
- ----------------------------------------------------------------
PATCHES/packages/dhcp-3.1.2p1-x86_64-1.tgz: Upgraded.
A stack overflow vulnerability was fixed in dhclient that could allow
remote attackers to execute arbitrary commands as root on the system,
or simply terminate the client, by providing an over-long subnet-mask
option.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0692
[*** Security fix ***]
Download the new packages from:
- --------------------------------
For Bluewhite64 Linux 11.0:
http://data.bluewhite64.com/bluewhite64-11.0/patches/packages/dhcp-3.1.2p1-x86_64-1.tgz
For Bluewhite64 Linux 12.0:
http://data.bluewhite64.com/bluewhite64-12.0/patches/packages/dhcp-3.1.2p1-x86_64-1.tgz
For Bluewhite64 Linux 12.1:
http://data.bluewhite64.com/bluewhite64-12.1/patches/packages/dhcp-3.1.2p1-x86_64-1.tgz
For Bluewhite64 Linux 12.2:
http://data.bluewhite64.com/bluewhite64-12.2/patches/packages/dhcp-3.1.2p1-x86_64-1.tgz
Also, please see the "Get Bluewhite64" section on http://www.bluewhite64.com for
additional mirror sites near you.
MD5 signatures:
- ----------------
Bluewhite64 11.0 package:
6c2758f85f1e8ae2ce5ede936f6d52c1 dhcp-3.1.2p1-x86_64-1.tgz
Bluewhite64 12.0 package:
562f55825cc0b276ec2f3b96651bfda4 dhcp-3.1.2p1-x86_64-1.tgz
Bluewhite64 12.1 package:
9030e7c53b12ca6a9c7fc3d36902b4a6 dhcp-3.1.2p1-x86_64-1.tgz
Bluewhite64 12.2 package:
ca013452728c7c9726e0c90b55c21d11 dhcp-3.1.2p1-x86_64-1.tgz
Installation instructions:
- ----------------------------
Upgrade the package as root:
# upgradepkg dhcp-3.1.2p1-x86_64-1.tgz
- ---
Bluewhite64 Linux Security Team
http://bluewhite64.com/gpg-key
security©bluewhite64.com
- ------------------------------------------------------
To leave the bluewhite64-security mailing list:
Send a blank email to
bluewhite64-security-unsubscribe©bluewhite64.com
You will get a confirmation message back containing
instructions to complete the process.
Please do not reply to this email address.
- ------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkpgbjYACgkQpTOsxuDdlY5fgQCfctLcXw7RHAUpWkMzogWbu/Nz
9X4AnjnvVynXRejRQFPFcaB2ArX/ZWm1
=cnHf
-----END PGP SIGNATURE-----