
An isc-dhcp security update has been released for Debian GNU/Linux 8 Extended LTS to address several vulnerabilities.



ELA-704-1 isc-dhcp security update

Package: isc-dhcp
Version: 4.3.1-6+deb8u6 (jessie), 4.3.5-3+deb9u3 (stretch)
Related CVEs: CVE-2022-2928, CVE-2022-2929

Several vulnerabilities have been discovered in the ISC DHCP client, relay and server.

CVE-2022-2928

It was discovered that the DHCP server does not correctly perform
option reference counting when configured with "allow leasequery;".
A remote attacker can take advantage of this flaw to cause a denial
of service (daemon crash).

CVE-2022-2929

It was discovered that the DHCP server is prone to a memory leak
flaw when handling contents of option 81 (fqdn) data received in
a DHCP packet. A remote attacker can take advantage of this flaw
to cause DHCP servers to consume resources, resulting in denial
of service.


For Debian 8 jessie, these problems have been fixed in version 4.3.1-6+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 4.3.5-3+deb9u3.

We recommend that you upgrade your isc-dhcp packages.
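
To check a host against this advisory, the following added example (not part of the advisory or of Debian's tooling) compares a package version with the fixed versions stated above and reports whether the "allow leasequery;" precondition for CVE-2022-2928 is present in a dhcpd.conf read from stdin. The function names, the sample version and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory. Fixed versions are the ones it states.
FIXED_JESSIE='4.3.1-6+deb8u6'
FIXED_STRETCH='4.3.5-3+deb9u3'

# version_lt A B: true when version A sorts before B. Uses dpkg when present;
# otherwise GNU `sort -V`, adequate for these strings (no epoch, no tilde).
version_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# leasequery_enabled: reads dhcpd.conf text on stdin; true when an uncommented
# "allow leasequery;" statement is present (the CVE-2022-2928 precondition).
# Simplification: a '#' inside a quoted string is treated as a comment start.
leasequery_enabled() {
    sed 's/#.*//' | tr -s ' \t\n' ' ' |
        grep -Eqi '(^|[ {};])allow leasequery ?;'
}

# assess RELEASE VERSION < dhcpd.conf: prints a verdict; returns 0 when fixed.
assess() {
    case "$1" in
        jessie)  fixed=$FIXED_JESSIE ;;
        stretch) fixed=$FIXED_STRETCH ;;
        *) echo "unknown release: $1"; return 2 ;;
    esac
    if ! version_lt "$2" "$fixed"; then
        echo "fixed: $2 >= $fixed"
        return 0
    fi
    if leasequery_enabled; then
        echo "unfixed: $2 < $fixed; allow leasequery set (CVE-2022-2928 precondition met)"
    else
        echo "unfixed: $2 < $fixed; allow leasequery not set"
    fi
    return 1
}

# Constructed sample input: a made-up older version and config fragment.
printf '%s\n' '# allow leasequery;' 'subnet 192.0.2.0 netmask 255.255.255.0 {' \
    '  allow   leasequery;' '}' | assess jessie '4.3.1-6+deb8u5' || :
```

On a real jessie server the call would be `assess jessie "$(dpkg-query -W -f='${Version}' isc-dhcp-server)" < /etc/dhcp/dhcpd.conf`, assuming the stock Debian package name and configuration path.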

Further information about Extended LTS security advisories can be found at: Debian Extended Long Term Support
