[ubuntu/trusty-security] isc-dhcp 4.2.4-7ubuntu12.12 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Mar 1 17:38:15 UTC 2018 

isc-dhcp (4.2.4-7ubuntu12.12) trusty-security; urgency=medium

  * SECURITY UPDATE: DoS via concurrent TCP sessions
    - debian/patches/CVE-2016-2774.patch: limit number of connections in
      includes/site.h, omapip/listener.c.
    - CVE-2016-2774
  * SECURITY UPDATE: DoS via omapi
    - debian/patches/CVE-2018-573x.patch: fix socket descriptor leak in
      omapip/buffer.c, omapip/message.c.
    - CVE-2017-3144
  * SECURITY UPDATE: buffer overflow in dhclient
    - debian/patches/CVE-2018-573x.patch: check option data size in
      common/options.c.
    - CVE-2018-5732
  * SECURITY UPDATE: reference counter overflow in dhcpd
    - debian/patches/CVE-2018-573x.patch: avoid overflow in
      common/options.c.
    - CVE-2018-5733
  * This package does _not_ contain the changes from 4.2.4-7ubuntu12.11 in
    trusty-proposed.

isc-dhcp (4.2.4-7ubuntu12.10) trusty; urgency=medium

  * Introduction of a new binary package "isc-dhcp-client-noddns" (LP: #1176046)
    - isc-dhcp-client : no behavioural change from previous version.
    - isc-dhcp-client-noddns : dhclient with DDNS functionality disabled.

    The current functionality in Trusty is to provide DDNS to dhclient by
    default. Note that, this is the opposite in Xenial where dhclient,
    by default, offers no DDNS functionality.

  * Disable tracing and failover.

    The tracing and failover are stricly disabled for the new package
    "isc-dhcp-client-noddns" and doesn't apply to package "isc-dhcp-client".

    In order to successfully build "isc-dhcp-client-noddns" without
    -DNSUPDATE and stay align with upstream Debian git commit [0bbf7c7]
    (closes: #712503) which implies the following:

    - debian/rules : Disable support for failover
      (DHCP Failover is a mechanism whereby two DHCP servers are both configured
      to manage the same pool of addresses so that they can share the load of
      assigning leases for that pool, and provide back-up for each other in case
      of network outages.
      (Define to include Failover Protocol support)

    - debian/rules : Disable support for server activity tracing
      (Server tracing support)

  * CFLAGS configuration change
    - debian/rules : Add backslash '\' characters for CLAGS options :
      "-D_PATH_DHCLIENT_CONF" , "-D_PATH_DHCPD_CONF" , "-D_PATH_DHCLIENT_SCRIPT"
      to avoid compilation errors expression before '/' token is expected at
      compile time.
    - debian/rules : Remove "export CLAGS" line, since it is now passing during
      ./configure in order to control when compiling with or without DDNS
      functionality.

isc-dhcp (4.2.4-7ubuntu12.9) trusty; urgency=medium

  * [4b8251a] DHCPv6: fix socket handling so multiple DHCPv6 local clients will
    successfully get addresses (LP: #1689854)

isc-dhcp (4.2.4-7ubuntu12.8) trusty; urgency=medium

  * ipv6: wait for duplicate address detection to finish (LP: #1633479).

isc-dhcp (4.2.4-7ubuntu12.7) trusty; urgency=medium

  * Don't assume IPv6 prefix length of 64 (LP: #1609898).
    Pulled from debian commit c347ab8a43587164486ce1f104eedfd638594e59.

isc-dhcp (4.2.4-7ubuntu12.6) trusty; urgency=medium

  * Fixed missing broadcast flag for Infiniband interfaces (LP: #1529815)
    - added:
      + d/p/dhcp-4.2.4-dhclient-options-changed.patch

isc-dhcp (4.2.4-7ubuntu12.5) trusty; urgency=medium

  * debian/apparmor-profile.dhclient: Add the attach_disconnected flag to prevent
    disconnected path denials (LP: #1568485).

Date: 2018-03-01 14:11:15.811065+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/isc-dhcp/4.2.4-7ubuntu12.12
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list