Arch Linux 811 Published by

The following updates are available for Arch Linux:

ASA-201803-3: dhclient: denial of service
ASA-201803-4: dhcp: denial of service



ASA-201803-3: dhclient: denial of service

Arch Linux Security Advisory ASA-201803-3
=========================================

Severity: High
Date : 2018-03-05
CVE-ID : CVE-2018-5732
Package : dhclient
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-648

Summary
=======

The package dhclient before version 4.4.1-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 4.4.1-1.

# pacman -Syu "dhclient>=4.4.1-1"

The problem has been fixed upstream in version 4.4.1.

Workaround
==========

None.

Description
===========

An out-of-bound memory access flaw was found in the way dhclient
processed a DHCP response packet. A malicious DHCP server could
potentially use this flaw to crash dhclient processes running on DHCP
client machines via a crafted DHCP response packet.

Impact
======

A remote attacker is able to crash the dhclient processes via a crafted
DHCP response packet.

References
==========

https://kb.isc.org/article/AA-01565
https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=c5931725b48b121d232df4ba9e45bc41e0ba114d
https://bugs.isc.org/Public/Bug/Display.html?id=47139
https://security.archlinux.org/CVE-2018-5732


ASA-201803-4: dhcp: denial of service

Arch Linux Security Advisory ASA-201803-4
=========================================

Severity: High
Date : 2018-03-05
CVE-ID : CVE-2018-5733
Package : dhcp
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-646

Summary
=======

The package dhcp before version 4.4.1-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 4.4.1-1.

# pacman -Syu "dhcp>=4.4.1-1"

The problem has been fixed upstream in version 4.4.1.

Workaround
==========

None.

Description
===========

A denial of service flaw was found in the way dhcpd handled reference
counting when processing client requests. A malicious DHCP client could
use this flaw to trigger a reference count overflow on the server side,
potentially causing dhcpd to crash, by sending large amounts of
traffic.

Impact
======

A remote attacker is able to crash the dhcpd process by sending large
amounts of traffic.

References
==========

https://kb.isc.org/article/AA-01567
https://lists.isc.org/pipermail/dhcp-announce/2018-February/000418.html
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=197b26f25309f947b97a83b8fdfc414b767798f8
https://bugs.isc.org/Public/Bug/Display.html?id=47140
https://security.archlinux.org/CVE-2018-5733