Date: Sun, 02 Jul 2000 17:13:57 +0200
From: Gael Duval <gduval@mandrakesoft.com>
Newsgroups: alt.os.linux.mandrake
To: security-announce@linux-mandrake.com
Subject: [Security Announce] dhcp update

-------------------------------------

   Linux-Mandrake Security Update

-------------------------------------

Date: July, 2nd 2000

Package name: dhcp

Affected versions: 6.0 6.1 7.0 7.1

Problem:
The OpenBSD team discovered a vulnerability in this package that allows
remote exploitation by a corrupt dhcp server (or an attacker
pretending to be a dhcp server). If this vulnerability is exploited,
root access can be gained remotely on the host running the dhcp client.
The problem is that input is not checked and, as a result, it is
possible to execute commands remotely when the network config files
are being written on the dhcp client.

Please upgrade to:
md5 sum: 9621fbe7b5fbf14063c4806bf2c1e141
6.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: 0ee7eac80fad4382014c9b2f9181b7d8
6.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 6.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm


md5 sum: 32915a170c38fe45032e75421dfd4178
6.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: 389c7f48a36ec81528e2f9cdaefc0521
6.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 6.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm


md5 sum: 431442f90603708c0dae624e5d282a92
7.0/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: 08b74d01dd76b64ed48719484c8c4fb1
7.0/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 7.0/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm


md5 sum: 57ef403c1a6f5734b1ac63dcde854ae8
7.1/RPMS/dhcp-3.0b1pl12-6mdk.i586.rpm

md5 sum: d8d3a7bfb145c7c2f5cfdd2127333c67
7.1/RPMS/dhcp-client-3.0b1pl12-6mdk.i586.rpm

md5 sum: 9469c360585a2dc69eccf6fbaf3e9099
src: 7.1/SRPMS/dhcp-3.0b1pl12-6mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ». If you want to
upgrade manually, download the updated package from one of our FTP
server mirrors and upgrade with "rpm -Uvh package_name". All mirrors
are listed on http://www.mandrake.com/en/ftp.php3. Updated packages are
available in the "updates/" directory.

For example, if you are looking for an updated RPM package for
Mandrake 7.1, look for it in: updates/7.1/RPMS/

Notes:
- We give the md5 sum for each package. It lets you check the
integrity of the downloaded package by running the md5sum command on
the package ("md5sum package.rpm").
- You generally do not need to download the source package with a
.src.rpm suffix.
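
The md5sum check from the notes, applied to every binary package the advisory lists for one release. This is an added example, not part of the original advisory; the function names parse_advisory, verify_packages and demo, and the idea of saving the advisory text to a file, are assumptions.

```shell
# Added example: check downloaded packages against the "md5 sum:" / path
# pairs of an advisory in the format shown above.

# parse_advisory FILE RELEASE -> "md5  basename" per binary package of RELEASE.
# "src:" lines never match, since their first field is not a RELEASE/RPMS/ path.
parse_advisory() {
    awk -v rel="$2" '
        $1 == "md5" && $2 == "sum:" { sum = tolower($3); next }
        sum != "" {
            if (index($1, rel "/RPMS/") == 1) {
                n = split($1, parts, "/")
                print sum "  " parts[n]
            }
            sum = ""
        }' "$1"
}

# verify_packages FILE RELEASE DIR
# Returns 0 if every listed package exists in DIR and matches, 1 on a
# missing or mismatching package, 2 if the advisory lists none for RELEASE.
verify_packages() {
    list=$(parse_advisory "$1" "$2")
    [ -n "$list" ] || { echo "no packages listed for $2" >&2; return 2; }
    status=0
    while read -r want name; do
        if [ ! -f "$3/$name" ]; then
            echo "MISSING  $name"; status=1; continue
        fi
        got=$(md5sum "$3/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then echo "OK       $name"
        else echo "MISMATCH $name (got $got)"; status=1
        fi
    done <<EOF
$list
EOF
    return $status
}

# Constructed demo: a fake package, an advisory built from its sum, then tampering.
demo() {
    d=$(mktemp -d) || return 1
    printf 'original' > "$d/pkg-1.rpm"
    s=$(md5sum "$d/pkg-1.rpm" | cut -d' ' -f1)
    printf 'md5 sum: %s\n7.1/RPMS/pkg-1.rpm\n' "$s" > "$d/advisory.txt"
    verify_packages "$d/advisory.txt" 7.1 "$d" || return 1
    printf 'tampered' > "$d/pkg-1.rpm"
    verify_packages "$d/advisory.txt" 7.1 "$d" && return 1
    rm -rf "$d"
}
```

Save the advisory to a file and run `verify_packages advisory.txt 7.1 updates/7.1/RPMS` before `rpm -Uvh`; a non-zero return means a package is missing or does not match.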