Red Hat Product Errata RHSA-2018:1460 - Security Advisory

Issued:: 2018-05-15
Updated:: 2018-05-15

RHSA-2018:1460 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: dhcp security update

Type/Severity

Security Advisory: Critical

Topic

An update for dhcp is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.

Security Fix(es):

A command injection flaw was found in the NetworkManager integration script included in the DHCP client packages in Red Hat Enterprise Linux. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands with root privileges on systems using NetworkManager and configured to obtain network configuration using the DHCP protocol. (CVE-2018-1111)

Red Hat would like to thank Felix Wilhelm (Google Security Team) for reporting this issue.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 6.5 x86_64

Fixes

BZ - 1567974 - CVE-2018-1111 dhcp: Command injection vulnerability in the DHCP client NetworkManager integration script

CVEs

CVE-2018-1111

References

https://access.redhat.com/security/updates/classification/#critical

https://access.redhat.com/security/vulnerabilities/3442151

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 6.5

SRPM
dhcp-4.1.1-38.P1.el6_5.1.src.rpm	SHA-256: c0dcbff44b835de9f41eeffa076e48d62818081a6ecbc8254a9de17dc9a7046a
x86_64
dhclient-4.1.1-38.P1.el6_5.1.x86_64.rpm	SHA-256: 6b8347291fe6ed812ad965507dc7d2ef074a7d4e00cf7db7df4513c7954beec8
dhcp-4.1.1-38.P1.el6_5.1.x86_64.rpm	SHA-256: 5931f4593bfabd17fa952e1798d7fbc8d124bda3c09d93b54bc119d0458395c5
dhcp-common-4.1.1-38.P1.el6_5.1.x86_64.rpm	SHA-256: 14418603fc90afd6b94e4e08e95da0e3a8948474ecd8b805430f6716e3d477f1
dhcp-debuginfo-4.1.1-38.P1.el6_5.1.i686.rpm	SHA-256: e28cc8217859ab3d5c38fb608027251a9d110db7f5c398c5ce813a082f28cc37
dhcp-debuginfo-4.1.1-38.P1.el6_5.1.x86_64.rpm	SHA-256: 6555ecc59b3145b6f8f0b937013d78587bb808828df2290269805b1170bd0f4e
dhcp-debuginfo-4.1.1-38.P1.el6_5.1.x86_64.rpm	SHA-256: 6555ecc59b3145b6f8f0b937013d78587bb808828df2290269805b1170bd0f4e
dhcp-devel-4.1.1-38.P1.el6_5.1.i686.rpm	SHA-256: 4d9f5e0b9f7e0781e189b1eb205235380c244d5bf1aab2513ff653f4b33a48d0
dhcp-devel-4.1.1-38.P1.el6_5.1.x86_64.rpm	SHA-256: 22e191a1375f4e6142aa57154ac354f4ab72d6e1d2ddd004358cd166bf7bf6a8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories