Date:         Wed, 19 Jul 2000 22:46:32 -0700
From: Ted Lemon <mellon@NOMINUM.COM>
Subject:      New DHCP releases: 2.0pl3 and 3.0b1pl17
To: BUGTRAQ@SECURITYFOCUS.COM

These releases fix a lingering security problem that was partially
fixed in 2.0pl2 and 3.0b1pl14 that made it possible for a rogue DHCP
server to provide information to the DHCP client that would cause it
to execute arbitrary commands as root.  This fix is similar to a fix
implemented by the OpenBSD folks.

IF YOU ARE RUNNING VERSIONS OF THE ISC DHCP CLIENT PRIOR TO 2.0pl2 or
3.0b1pl17, PLEASE UPGRADE ASAP.

This patch is NOT necessary for ISC DHCP server users - only for users
of the ISC DHCP client.

Users of the ISC DHCP client from the head of the anoncvs tree prior
to July 20 at 5:36 AM, UTC, should also upgrade.

Both versions of the ISC DHCP Distribution are available at
ftp://ftp.isc.org/isc/dhcp.

			       _MelloN_