To: redhat-watch-list@redhat.com
From: "Michael K. Johnson" <johnsonm@redhat.com>
Subject: [CORRECTION] Bugs fixed in pump (DHCP client)
Date: Sat, 14 Aug 1999 21:07:41 -0400


---------------------------------------------------------------------
		   Red Hat, Inc. Security Advisory

Synopsis:		Bugs fixed in pump (DHCP client) [CORRECTION]
Advisory ID:		RHSA-1999:027-02
Issue date:		1999-08-11
Updated on:		1999-08-14
Keywords:		pump DHCP RoadRunner @Home
Cross references:	
---------------------------------------------------------------------

1. Topic:

New version of pump, 0.7.0, fixes several problems, including a
potential security hole.  We strongly recommend that all users
using DHCP upgrade to pump 0.7.0, particularly if you use DHCP
on a public network such as a cable modem or ADSL service.

This is a correction to our previous announcement, which did not
mention the security bug that is fixed in pump 0.7.0.

2. Bug IDs fixed:

3263

3. Relevant releases/architectures:

Red Hat Linux 6.0, all architectures.

4. Obsoleted by:

5. Conflicts with:

6. RPMs required:

Intel:
  ftp://ftp.redhat.com/redhat/updates/6.0/i386/pump-0.7.0-1.i386.rpm

Alpha:
  ftp://ftp.redhat.com/redhat/updates/6.0/alpha/pump-0.7.0-1.alpha.rpm

Sparc:
  ftp://ftp.redhat.com/redhat/updates/6.0/sparc/pump-0.7.0-1.sparc.rpm

Source packages:
  ftp://ftp.redhat.com/redhat/updates/6.0/SRPMS/pump-0.7.0-1.src.rpm


7. Problem description:

 o  DHCP did not work with some @Home and RoadRunner (and potentially
    other) servers.

 o  Some (broken) servers did not return server address properly; in these
    cases, pump now reuses the broadcast address.

 o  There was a security hole with the potential for a remote root
    exploit in certain configurations where DHCP is used on public
    networks.
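
The second item above describes a robustness fix: when a reply carries no usable server identifier, pump falls back to the broadcast address rather than failing. The following is an added illustration of that fallback written for this page; it is not pump's code, and the option blocks it parses are constructed samples, not captures from the affected @Home or RoadRunner servers. It parses the DHCP option area (everything after the magic cookie) as TLVs, tolerates truncated or malformed options, and returns the server address or 255.255.255.255 when option 54 is absent or the wrong length.

```python
import ipaddress

OPT_PAD = 0          # single-byte padding, no length field
OPT_MSG_TYPE = 53    # DHCP message type (1 byte)
OPT_SERVER_ID = 54   # server identifier (4-byte IPv4 address)
OPT_END = 255        # end of options
BROADCAST = "255.255.255.255"

# Constructed sample option blocks (assumed layouts, not real captures).
# Well-formed DHCPOFFER options with a server identifier of 192.0.2.1:
GOOD_OPTIONS = bytes([OPT_MSG_TYPE, 1, 2,
                      OPT_SERVER_ID, 4, 192, 0, 2, 1,
                      OPT_END])
# A reply that omits option 54 entirely (only a lease time, option 51):
NO_SERVER_ID = bytes([OPT_MSG_TYPE, 1, 2,
                      51, 4, 0, 0, 14, 16,
                      OPT_END])
# A reply whose option 54 carries a malformed 2-byte value:
SHORT_SERVER_ID = bytes([OPT_MSG_TYPE, 1, 2,
                         OPT_SERVER_ID, 2, 192, 0,
                         OPT_END])


def parse_options(data: bytes) -> dict:
    """Parse DHCP TLV options into {code: value bytes}.

    Stops cleanly at OPT_END and at any truncation instead of raising,
    so a malformed reply degrades to 'option absent' rather than a crash.
    """
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(data):
            break                      # length byte missing
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            break                      # option body cut short
        opts[code] = value
        i += 2 + length
    return opts


def server_address(options: bytes) -> str:
    """Return the server identifier, or the broadcast address if it is unusable."""
    sid = parse_options(options).get(OPT_SERVER_ID)
    if sid is None or len(sid) != 4:
        return BROADCAST
    return str(ipaddress.IPv4Address(sid))


if __name__ == "__main__":
    for name, blob in (("good", GOOD_OPTIONS),
                       ("no-server-id", NO_SERVER_ID),
                       ("short-server-id", SHORT_SERVER_ID)):
        print(f"{name:16s} -> {server_address(blob)}")
```

The parser treats every malformed case the same way (fall back to broadcast) rather than trusting a partial value, which is the behaviour a client on a public network wants: a bad or missing field from an untrusted server should never become an address the client later sends unicast traffic to.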

8. Solution:

For each RPM for your particular architecture, run:
 
rpm -Uvh <filename>
 
where filename is the name of the RPM.

9. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
a93c710c0ce18e79b3dd33d268ae7752  i386/pump-0.7.0-1.i386.rpm
53df0de539645b34ad93272f3b4e6d97  alpha/pump-0.7.0-1.alpha.rpm
d56bac8b659b353894092869782d59cc  sparc/pump-0.7.0-1.sparc.rpm
2f18a5c39cdd327e0406df1ab5308549  SRPMS/pump-0.7.0-1.src.rpm
 
These packages are PGP signed by Red Hat Inc. for security.  Our key
is available at:
 
http://www.redhat.com/corp/contact.html
 
You can verify each package with the following command:
 
rpm --checksig  <filename>
 
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
 
rpm --checksig --nopgp <filename>
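
To show how the checksum table in section 9 is meant to be used before running the `rpm -Uvh` step from section 8, here is an added example (not Red Hat's tooling, and not a substitute for `rpm --checksig`). It parses a listing in the advisory's "MD5 sum  Package Name" layout, hashes each named file under a download directory with `hashlib`, and reports `ok`, `mismatch` or `missing` per package. The package names and file contents in `demo()` are constructed samples; the real sums and paths are the ones printed in the advisory above.

```python
import hashlib
import os
import re
import tempfile

# One listing line: 32 hex digits, whitespace, a relative package path.
LISTING_RE = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+)$")


def parse_listing(text: str) -> dict:
    """Return {relative path: expected md5}; header and rule lines are skipped."""
    sums = {}
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums


def md5_of_file(path: str) -> str:
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_listing(text: str, base_dir: str) -> dict:
    """Compare every listed package under base_dir against its expected sum."""
    result = {}
    for rel, expected in parse_listing(text).items():
        path = os.path.join(base_dir, rel)
        if not os.path.isfile(path):
            result[rel] = "missing"
        elif md5_of_file(path) == expected:
            result[rel] = "ok"
        else:
            result[rel] = "mismatch"
    return result


def demo() -> dict:
    """Build constructed sample packages in a temp dir and verify them.

    pkg-a matches its listed sum, pkg-b has been altered after the sum was
    taken, and pkg-c was never downloaded.
    """
    good = b"constructed sample package contents\n"
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "i386"))
        os.makedirs(os.path.join(d, "alpha"))
        with open(os.path.join(d, "i386", "pkg-a.rpm"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "alpha", "pkg-b.rpm"), "wb") as f:
            f.write(good + b"tampered")
        expected = hashlib.md5(good).hexdigest()
        listing = (
            "MD5 sum                           Package Name\n"
            "--------------------------------------------------------------\n"
            f"{expected}  i386/pkg-a.rpm\n"
            f"{expected}  alpha/pkg-b.rpm\n"
            f"{expected}  sparc/pkg-c.rpm\n"
        )
        return verify_listing(listing, d)


if __name__ == "__main__":
    for pkg, status in demo().items():
        print(f"{status:9s} {pkg}")
```

Only packages reported `ok` should go on to `rpm -Uvh`. Note what this check does and does not give you: it matches the advisory's own `--nopgp` step and detects a corrupted or altered download, but the sums are only as trustworthy as the copy of the advisory you read them from; the PGP signature check with `rpm --checksig` is what ties the package to Red Hat's key.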

10. References:



-- 
         To unsubscribe: mail redhat-watch-list-request@redhat.com with 
                       "unsubscribe" as the Subject.