Security update for dhcp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0540-1 Final 1 1 2016-02-22T13:35:56Z current 2016-02-22T13:35:56Z 2016-02-22T13:35:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dhcp This update for dhcp fixes the following issues: - CVE-2015-8605: A remote attacker could have used badly formed packets with an invalid IPv4 UDP length field to cause a DHCP server, client, or relay program to terminate abnormally (bsc#961305) The following bugs were fixed: - bsc#936923: Improper lease duration checking - bsc#880984: Integer overflows in the date and time handling code - bsc#956159: fixed service files to start dhcpd after slapd - bsc#960506: Improve exit reason and logging when /sbin/dhclient-script is unable to pre-init requested interface - bsc#947780: DHCP server could abort with 'Unable to set up timer: out of range' on very long or infinite timer intervals / lease lifetimes - bsc#912098: dhclient could pretend to run while silently declining leases - bsc#919959: server: Do not log success report before send reported success - bsc#928390: dhclient dit not expose next-server DHCPv4 option to script - bsc#926159: DHCP preferrend and valid lifetime would be logged incorrectly - bsc#910686: Prevent a dependency conflict of dhcp-devel with bind-devel package The following tracked changes affect the build of the package only: - bsc#891961: Disabled /sbin/service legacy-action hooks The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2016-293,SUSE-SLE-SDK-12-2016-293,SUSE-SLE-SERVER-12-2016-293 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160540-1/ Link for SUSE-SU-2016:0540-1 https://lists.suse.com/pipermail/sle-security-updates/2016-February/001889.html E-Mail link for SUSE-SU-2016:0540-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/880984 SUSE Bug 880984 https://bugzilla.suse.com/891961 SUSE Bug 891961 https://bugzilla.suse.com/910686 SUSE Bug 910686 https://bugzilla.suse.com/912098 SUSE Bug 912098 https://bugzilla.suse.com/919959 SUSE Bug 919959 https://bugzilla.suse.com/926159 SUSE Bug 926159 https://bugzilla.suse.com/928390 SUSE Bug 928390 https://bugzilla.suse.com/936923 SUSE Bug 936923 https://bugzilla.suse.com/947780 SUSE Bug 947780 https://bugzilla.suse.com/956159 SUSE Bug 956159 https://bugzilla.suse.com/960506 SUSE Bug 960506 https://bugzilla.suse.com/961305 SUSE Bug 961305 https://www.suse.com/security/cve/CVE-2015-8605/ SUSE CVE CVE-2015-8605 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12 dhcp-4.2.6-14.3.1 dhcp-client-4.2.6-14.3.1 dhcp-devel-4.2.6-14.3.1 dhcp-relay-4.2.6-14.3.1 dhcp-server-4.2.6-14.3.1 dhcp-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Desktop 12 dhcp-client-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Desktop 12 dhcp-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server 12 dhcp-client-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server 12 dhcp-relay-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server 12 dhcp-server-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server 12 dhcp-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 dhcp-client-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 dhcp-relay-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 dhcp-server-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 dhcp-devel-4.2.6-14.3.1 as a component of SUSE Linux Enterprise Software Development Kit 12 ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. CVE-2015-8605 SUSE Linux Enterprise Desktop 12:dhcp-4.2.6-14.3.1 SUSE Linux Enterprise Desktop 12:dhcp-client-4.2.6-14.3.1 SUSE Linux Enterprise Server 12:dhcp-4.2.6-14.3.1 SUSE Linux Enterprise Server 12:dhcp-client-4.2.6-14.3.1 SUSE Linux Enterprise Server 12:dhcp-relay-4.2.6-14.3.1 SUSE Linux Enterprise Server 12:dhcp-server-4.2.6-14.3.1 SUSE Linux Enterprise Server for SAP Applications 12:dhcp-4.2.6-14.3.1 SUSE Linux Enterprise Server for SAP Applications 12:dhcp-client-4.2.6-14.3.1 SUSE Linux Enterprise Server for SAP Applications 12:dhcp-relay-4.2.6-14.3.1 SUSE Linux Enterprise Server for SAP Applications 12:dhcp-server-4.2.6-14.3.1 SUSE Linux Enterprise Software Development Kit 12:dhcp-devel-4.2.6-14.3.1 moderate 5.7 AV:A/AC:M/Au:N/C:N/I:N/A:C 5.7 AV:A/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20160540-1/ https://www.suse.com/security/cve/CVE-2015-8605.html CVE-2015-8605 https://bugzilla.suse.com/961305 SUSE Bug 961305