MGASA-2016-0190
- Source
- https://advisories.mageia.org/MGASA-2016-0190.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0190.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2016-0190
- Related
- Published
- 2016-05-20T11:38:30Z
- Modified
- 2016-05-20T11:30:20Z
- Summary
- Updated dhcpcd packages fix security vulnerability
- Details
-
The print_option function in dhcp-common.c in dhcpcd through 6.10.2 misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted message (CVE-2014-7913).
The dhcpcd package has been updated to version 6.11.0 which fixes this issue and has several other bug fixes and enhancements.
- References
-
- https://advisories.mageia.org/MGASA-2016-0190.html
- https://bugs.mageia.org/show_bug.cgi?id=18422
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1146.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1244.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1251.html
- http://roy.marples.name/archives/dhcpcd-discuss/2016/1292.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / dhcpcd
Package
- Name
- dhcpcd
- Purl
- pkg:rpm/mageia/dhcpcd?distro=mageia-5