Synopsis

Critical: dhcp security update

Type/Severity

Security Advisory: Critical

Topic

An update for dhcp is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

• A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)
  

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for IBM z Systems 6 s390x
• Red Hat Enterprise Linux for Power, big endian 6 ppc64
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64

Fixes

• BZ - 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

CVEs

• CVE-2018-1111

References

• https://access.redhat.com/security/updates/classification/#critical
• https://access.redhat.com/security/vulnerabilities/3442151

Red Hat Enterprise Linux Server 6

SRPM
dhcp-4.1.1-53.P1.el6_9.4.src.rpm	SHA-256: 40de5f63434590d435030eb468fde423898b24c121a75ee1cb3e9a61f87d9c50
x86_64
dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: c752193985d5b3fd565c1d1c58fe3a7639ca02a556e7ab047a5d782055755306
dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 2de6bee77bf7b0746ed36bf7e4aa7a2de3fc06cffcd753acdcbf00279b25b713
dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: be69fe5e4ef3d08f98b670aba527f25e50734cb61af978d071932e9233ad542d
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334
dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 92158f772a64b249fe7806a45ed92dce25467a7a4167a09c4fe1a017145e252c
i386
dhclient-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 377b45420bd717908e82908177f16e05cf558ffd8e74a428cd34b5cd79f0949c
dhcp-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 4cf3133f08531d3feb8534c641761a1be2dbf8b53762ac25c8f3098287e742c7
dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 73947f5351756ba49c84702a15c08da670c10598cc1be94f57fef9968458b330
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334

Red Hat Enterprise Linux Workstation 6

SRPM
dhcp-4.1.1-53.P1.el6_9.4.src.rpm	SHA-256: 40de5f63434590d435030eb468fde423898b24c121a75ee1cb3e9a61f87d9c50
x86_64
dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: c752193985d5b3fd565c1d1c58fe3a7639ca02a556e7ab047a5d782055755306
dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 2de6bee77bf7b0746ed36bf7e4aa7a2de3fc06cffcd753acdcbf00279b25b713
dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: be69fe5e4ef3d08f98b670aba527f25e50734cb61af978d071932e9233ad542d
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334
dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 92158f772a64b249fe7806a45ed92dce25467a7a4167a09c4fe1a017145e252c
i386
dhclient-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 377b45420bd717908e82908177f16e05cf558ffd8e74a428cd34b5cd79f0949c
dhcp-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 4cf3133f08531d3feb8534c641761a1be2dbf8b53762ac25c8f3098287e742c7
dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 73947f5351756ba49c84702a15c08da670c10598cc1be94f57fef9968458b330
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334

Red Hat Enterprise Linux Desktop 6

SRPM
dhcp-4.1.1-53.P1.el6_9.4.src.rpm	SHA-256: 40de5f63434590d435030eb468fde423898b24c121a75ee1cb3e9a61f87d9c50
x86_64
dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: c752193985d5b3fd565c1d1c58fe3a7639ca02a556e7ab047a5d782055755306
dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 2de6bee77bf7b0746ed36bf7e4aa7a2de3fc06cffcd753acdcbf00279b25b713
dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: be69fe5e4ef3d08f98b670aba527f25e50734cb61af978d071932e9233ad542d
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334
dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 92158f772a64b249fe7806a45ed92dce25467a7a4167a09c4fe1a017145e252c
i386
dhclient-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 377b45420bd717908e82908177f16e05cf558ffd8e74a428cd34b5cd79f0949c
dhcp-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 4cf3133f08531d3feb8534c641761a1be2dbf8b53762ac25c8f3098287e742c7
dhcp-common-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 73947f5351756ba49c84702a15c08da670c10598cc1be94f57fef9968458b330
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
dhcp-4.1.1-53.P1.el6_9.4.src.rpm	SHA-256: 40de5f63434590d435030eb468fde423898b24c121a75ee1cb3e9a61f87d9c50
s390x
dhclient-4.1.1-53.P1.el6_9.4.s390x.rpm	SHA-256: 5f6d7804dd92d85c56b381b89f859f496496899106485c73600c30c287040314
dhcp-4.1.1-53.P1.el6_9.4.s390x.rpm	SHA-256: 14ec0854ab64a5e88ac06a776f175a43056acd9ece6649eb77cf1dc627cca633
dhcp-common-4.1.1-53.P1.el6_9.4.s390x.rpm	SHA-256: 20effded98ae7b493e4d75a4202478b60eff0cf221e86eda67a0ef7ea47586bb
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390.rpm	SHA-256: f2bd5bb8c2812b6b55afefa3b34a6bc940ab0c6f98949c0da5f296b0dfbaaa9a
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390x.rpm	SHA-256: 6f0e3e943592e95dfe32100354ff67577d04fe9048b36568cb7249527e230110
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.s390x.rpm	SHA-256: 6f0e3e943592e95dfe32100354ff67577d04fe9048b36568cb7249527e230110
dhcp-devel-4.1.1-53.P1.el6_9.4.s390.rpm	SHA-256: c6dac612ecd721c4cad840d818aeea9da267ea9ad146c8da302b1762fe3094ed
dhcp-devel-4.1.1-53.P1.el6_9.4.s390x.rpm	SHA-256: 5f3b6938079686509de6f5ef6ba3ee857d2b06543cd85b5f4f49ed6f1634e4e6

Red Hat Enterprise Linux for Power, big endian 6

SRPM
dhcp-4.1.1-53.P1.el6_9.4.src.rpm	SHA-256: 40de5f63434590d435030eb468fde423898b24c121a75ee1cb3e9a61f87d9c50
ppc64
dhclient-4.1.1-53.P1.el6_9.4.ppc64.rpm	SHA-256: 5ff968e4c5fee1e418e3606734197fe6d785d2654619f956df8e9846b0f0bb2a
dhcp-4.1.1-53.P1.el6_9.4.ppc64.rpm	SHA-256: f9c35844339232892a84e9f8ac9967f15e349aad1117786c9ff170e97788566c
dhcp-common-4.1.1-53.P1.el6_9.4.ppc64.rpm	SHA-256: 0a8354f42feb6c7f836f8c2049ad0f117056e6dbed10a93ce7b66593dfce37cc
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc.rpm	SHA-256: 3ad56882a379f7c9222b30fbf77deacedb3591b147a01d4a32d32aa745c2867f
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc64.rpm	SHA-256: 8889425b91ee49efa2f9418c2f7a9b305aa4bdc8e47c0f237d9978abe025ae98
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.ppc64.rpm	SHA-256: 8889425b91ee49efa2f9418c2f7a9b305aa4bdc8e47c0f237d9978abe025ae98
dhcp-devel-4.1.1-53.P1.el6_9.4.ppc.rpm	SHA-256: 0bf91b38d09e507e0864f4be64b93b275e2e1c9ff05c03dfa40048cf3ed88992
dhcp-devel-4.1.1-53.P1.el6_9.4.ppc64.rpm	SHA-256: e34fddccc398b83c895c04ee3640c8067670159a77d330ad395b6ef8d479f775

Red Hat Enterprise Linux for Scientific Computing 6

SRPM
dhcp-4.1.1-53.P1.el6_9.4.src.rpm	SHA-256: 40de5f63434590d435030eb468fde423898b24c121a75ee1cb3e9a61f87d9c50
x86_64
dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: c752193985d5b3fd565c1d1c58fe3a7639ca02a556e7ab047a5d782055755306
dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 2de6bee77bf7b0746ed36bf7e4aa7a2de3fc06cffcd753acdcbf00279b25b713
dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: be69fe5e4ef3d08f98b670aba527f25e50734cb61af978d071932e9233ad542d
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm	SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334
dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm	SHA-256: 92158f772a64b249fe7806a45ed92dce25467a7a4167a09c4fe1a017145e252c