MGASA-2016-0034
- Source
- https://advisories.mageia.org/MGASA-2016-0034.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0034.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0034
- Related
- Published
- 2016-01-21T21:38:47Z
- Modified
- 2016-01-21T21:32:39Z
- Summary
- Updated dhcpcd packages fix security vulnerability
- Details
-
Possible heap overflow in dhcpcd before 6.10.0 caused by malformed dhcp responses due to incorrect option length values (CVE-2016-1503).
Possible invalid read in dhcpcd before 6.10.0 caused by malformed dhcp responses can lead to a crash (CVE-2016-1504).
The dhcpcd package has been updated to version 6.10.0 which fixes these issues and has several other bug fixes and enhancements.
- References
-
- https://advisories.mageia.org/MGASA-2016-0034.html
- https://bugs.mageia.org/show_bug.cgi?id=17462
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1001.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1004.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1012.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1018.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1058.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1089.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1093.html
- http://roy.marples.name/archives/dhcpcd-discuss/2015/1129.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1143.html
- http://openwall.com/lists/oss-security/2016/01/07/4
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / dhcpcd
Package
- Name
- dhcpcd
- Purl
- pkg:rpm/mageia/dhcpcd?arch=source&distro=mageia-5