Synopsis

Critical: dhcp security update

Type/Severity

Security Advisory: Critical

Topic

An update for dhcp is now available for Red Hat Enterprise Linux 7.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

• A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)
  

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
• Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
• Red Hat Enterprise Linux Server - AUS 7.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
• Red Hat Enterprise Linux Server - TUS 7.4 x86_64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64

Fixes

• BZ - 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

CVEs

• CVE-2018-1111

References

• https://access.redhat.com/security/updates/classification/#critical
• https://access.redhat.com/security/vulnerabilities/3442151

Red Hat Enterprise Linux Server - Extended Update Support 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
x86_64
dhclient-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 1214b18eccb889a6082103305dac804041558bf3bb79da5904f799b6d94e99aa
dhcp-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 8647c4005db63ea8e087bc4c195920f23c2ad175919cb6f2f3a3a0e80a69ba43
dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: d6af40a742a80c42d63315d6beaedc92897bcadb04aa88bb507c05b94428248d
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-devel-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 4396ae9109aef1dbb1cc39d22b2d1eb40ed8c17c71afc3d94b3485120f2441ae
dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e1b239433f03d615ac2b8c014ad8e8f5b670f9b2b5bb47205f5c3e7963acaf52
dhcp-libs-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 88d32fcb15096a517351bd417e963daf76f56efeda9dbafa74e3a9a110fa090a
dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e66c4abbf138cc2fff8b7ee08f4e3586f0e8c8377e8c4a7c51f46380db3895f5

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
s390x
dhclient-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: 416ae6f0999c0408651617375ae6690824a30ee91f2d060574c5a8fa66056509
dhcp-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: 5a09f9afa3ea7df29276532dba9710ee2a5b3e99c1d0faa95479dfb39b242883
dhcp-common-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: f0bc47cee99ec147da2277d4879bf7f4c53bc9e2d67d01f7daf805985fcc991c
dhcp-debuginfo-4.2.5-58.el7_4.4.s390.rpm	SHA-256: e44f60aec38f149dfdc8f0455b3eb1b9a04d91edaa0972e41f2cf1fcc05200b1
dhcp-debuginfo-4.2.5-58.el7_4.4.s390.rpm	SHA-256: e44f60aec38f149dfdc8f0455b3eb1b9a04d91edaa0972e41f2cf1fcc05200b1
dhcp-debuginfo-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: 6e9e02b8400e76059901ea26c7a3cca7496b2df44c18403ad4d2224f7b0fe6d3
dhcp-debuginfo-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: 6e9e02b8400e76059901ea26c7a3cca7496b2df44c18403ad4d2224f7b0fe6d3
dhcp-devel-4.2.5-58.el7_4.4.s390.rpm	SHA-256: 04b3df1163f4773af57c9fc80fcfacd429975021a4ea349feab07e040c304ae1
dhcp-devel-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: a6ef195811edf1ad9a0a186cec36a0b70ff9d9968c59fdb238a477c01687beb5
dhcp-libs-4.2.5-58.el7_4.4.s390.rpm	SHA-256: eff5510cffa325609a4a74e6fd12911e94e440b0ffabc3a1ac7f255db3d072c6
dhcp-libs-4.2.5-58.el7_4.4.s390x.rpm	SHA-256: 016f85795b47dc1fb6608d712c6687afc1ebabc0b286147be6e7273f2e89b306

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
ppc64
dhclient-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: a8343ad4077f1aa98d787bc0926d2cfa526de2cd3c6549ead8358e1f33f0b3bd
dhcp-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: e57c70c48259ffb1bedd871d73132da9b666c65bf1a63e5b11d55abf05393911
dhcp-common-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: e9eda325c88dc971307032138cd3e9dbe81c0c064f5aac295d49aea8d54c5e3f
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc.rpm	SHA-256: ada93434f435a9e57fbb2fe463ad6318e2efafbfbf8c0c560209fa96daa94def
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc.rpm	SHA-256: ada93434f435a9e57fbb2fe463ad6318e2efafbfbf8c0c560209fa96daa94def
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: f371b5ba83308b7665122831ec0071b8fd30fb767b8a3296782c046a827b030e
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: f371b5ba83308b7665122831ec0071b8fd30fb767b8a3296782c046a827b030e
dhcp-devel-4.2.5-58.el7_4.4.ppc.rpm	SHA-256: 3d1642fc182fd502fb32de75e6e2d2f58a50e1c3fe0b7a4e1ef47cbe320d97c8
dhcp-devel-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: b1512e397ee795959990418c2e0a0302ada27b09e55b9888fe95561127ae93e5
dhcp-libs-4.2.5-58.el7_4.4.ppc.rpm	SHA-256: e8d58607dcc7c79d13513d4bc13ce2f4e56a41d3eb813244c5f253d93621f5da
dhcp-libs-4.2.5-58.el7_4.4.ppc64.rpm	SHA-256: d8f98ac7ebe7b64673e0b1cc85437f1c06a5a76a8f3ca94767e102fe2efb0977

Red Hat Enterprise Linux EUS Compute Node 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
x86_64
dhclient-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 1214b18eccb889a6082103305dac804041558bf3bb79da5904f799b6d94e99aa
dhcp-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 8647c4005db63ea8e087bc4c195920f23c2ad175919cb6f2f3a3a0e80a69ba43
dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: d6af40a742a80c42d63315d6beaedc92897bcadb04aa88bb507c05b94428248d
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-devel-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 4396ae9109aef1dbb1cc39d22b2d1eb40ed8c17c71afc3d94b3485120f2441ae
dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e1b239433f03d615ac2b8c014ad8e8f5b670f9b2b5bb47205f5c3e7963acaf52
dhcp-libs-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 88d32fcb15096a517351bd417e963daf76f56efeda9dbafa74e3a9a110fa090a
dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e66c4abbf138cc2fff8b7ee08f4e3586f0e8c8377e8c4a7c51f46380db3895f5

Red Hat Enterprise Linux Server - AUS 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
x86_64
dhclient-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 1214b18eccb889a6082103305dac804041558bf3bb79da5904f799b6d94e99aa
dhcp-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 8647c4005db63ea8e087bc4c195920f23c2ad175919cb6f2f3a3a0e80a69ba43
dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: d6af40a742a80c42d63315d6beaedc92897bcadb04aa88bb507c05b94428248d
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-devel-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 4396ae9109aef1dbb1cc39d22b2d1eb40ed8c17c71afc3d94b3485120f2441ae
dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e1b239433f03d615ac2b8c014ad8e8f5b670f9b2b5bb47205f5c3e7963acaf52
dhcp-libs-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 88d32fcb15096a517351bd417e963daf76f56efeda9dbafa74e3a9a110fa090a
dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e66c4abbf138cc2fff8b7ee08f4e3586f0e8c8377e8c4a7c51f46380db3895f5

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
ppc64le
dhclient-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: e14269d4081359ddc230c6072379e029866b5ea47e06a946ac22c24177db385c
dhcp-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 8ece140c065259482e8d93609ca5d6ebfe759b19459b772563a03058329d0c92
dhcp-common-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: b6e919cee7e229a73c800c2e4e1d4ecc11478a4886d95c49b0a5c1e68771e18b
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 981dcf309ad6dcd429a3457ed715a2b52d74d96e993815e331a454c4d5027679
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 981dcf309ad6dcd429a3457ed715a2b52d74d96e993815e331a454c4d5027679
dhcp-devel-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 7417b2106803298b43b62bc2b1e39a9496139d0417572150efabf6f8ce14d747
dhcp-libs-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: ab45716f5b62118f6d0aacdd07e9e7cd0ba4e3213dea85b935574fdf5acca7af

Red Hat Enterprise Linux Server - TUS 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
x86_64
dhclient-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 1214b18eccb889a6082103305dac804041558bf3bb79da5904f799b6d94e99aa
dhcp-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 8647c4005db63ea8e087bc4c195920f23c2ad175919cb6f2f3a3a0e80a69ba43
dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: d6af40a742a80c42d63315d6beaedc92897bcadb04aa88bb507c05b94428248d
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-devel-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 4396ae9109aef1dbb1cc39d22b2d1eb40ed8c17c71afc3d94b3485120f2441ae
dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e1b239433f03d615ac2b8c014ad8e8f5b670f9b2b5bb47205f5c3e7963acaf52
dhcp-libs-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 88d32fcb15096a517351bd417e963daf76f56efeda9dbafa74e3a9a110fa090a
dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e66c4abbf138cc2fff8b7ee08f4e3586f0e8c8377e8c4a7c51f46380db3895f5

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
ppc64le
dhclient-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: e14269d4081359ddc230c6072379e029866b5ea47e06a946ac22c24177db385c
dhcp-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 8ece140c065259482e8d93609ca5d6ebfe759b19459b772563a03058329d0c92
dhcp-common-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: b6e919cee7e229a73c800c2e4e1d4ecc11478a4886d95c49b0a5c1e68771e18b
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 981dcf309ad6dcd429a3457ed715a2b52d74d96e993815e331a454c4d5027679
dhcp-debuginfo-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 981dcf309ad6dcd429a3457ed715a2b52d74d96e993815e331a454c4d5027679
dhcp-devel-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: 7417b2106803298b43b62bc2b1e39a9496139d0417572150efabf6f8ce14d747
dhcp-libs-4.2.5-58.el7_4.4.ppc64le.rpm	SHA-256: ab45716f5b62118f6d0aacdd07e9e7cd0ba4e3213dea85b935574fdf5acca7af

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4

SRPM
dhcp-4.2.5-58.el7_4.4.src.rpm	SHA-256: 7f2efa921260b7faa55b65cf26fbb4fdae7ccfd33ba2f5bd90f8f3970997d25e
x86_64
dhclient-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 1214b18eccb889a6082103305dac804041558bf3bb79da5904f799b6d94e99aa
dhcp-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 8647c4005db63ea8e087bc4c195920f23c2ad175919cb6f2f3a3a0e80a69ba43
dhcp-common-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: d6af40a742a80c42d63315d6beaedc92897bcadb04aa88bb507c05b94428248d
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 6aea0bf9a80e82f7a5712b7acce768b37283022a4884dc1e0621a53de543f841
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-debuginfo-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: 09e0fb448968925b8bbc6f3ca579cac70d1551837151e45b9ac2e9c732f8f457
dhcp-devel-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 4396ae9109aef1dbb1cc39d22b2d1eb40ed8c17c71afc3d94b3485120f2441ae
dhcp-devel-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e1b239433f03d615ac2b8c014ad8e8f5b670f9b2b5bb47205f5c3e7963acaf52
dhcp-libs-4.2.5-58.el7_4.4.i686.rpm	SHA-256: 88d32fcb15096a517351bd417e963daf76f56efeda9dbafa74e3a9a110fa090a
dhcp-libs-4.2.5-58.el7_4.4.x86_64.rpm	SHA-256: e66c4abbf138cc2fff8b7ee08f4e3586f0e8c8377e8c4a7c51f46380db3895f5