RHSA-2005:603 - Security Advisory

Topic

An updated dhcpcd package that fixes a denial of service issue is
now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

The dhcpcd package includes a DHCP client daemon.

An out of bounds memory read bug was found in dhcpcd. A malicious user on
the local network could send a specially crafted DHCP packet to the client
causing it to crash. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1848 to this issue.

Users of dhcpcd should update to this erratum package, which contains a
patch that resolves this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 ia64
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

• BZ - 162009 - CAN-2005-1848 dhcpcd bad packet crash

CVEs

• CVE-2005-1848

References

(none)