ELA-704-1 isc-dhcp security update
Package: isc-dhcp
Version: 4.3.1-6+deb8u6 (jessie), 4.3.5-3+deb9u3 (stretch)
Related CVEs: CVE-2022-2928, CVE-2022-2929
Several vulnerabilities have been discovered in the ISC DHCP client, relay and server.
CVE-2022-2928
It was discovered that the DHCP server does not correctly perform
option reference counting when configured with "allow leasequery;".
A remote attacker can take advantage of this flaw to cause a denial
of service (daemon crash).
CVE-2022-2929
It was discovered that the DHCP server is prone to a memory leak
flaw when handling contents of option 81 (fqdn) data received in
a DHCP packet. A remote attacker can take advantage of this flaw
to cause DHCP servers to consume resources, resulting in denial
of service.
For Debian 8 jessie, these problems have been fixed in version 4.3.1-6+deb8u6.
For Debian 9 stretch, these problems have been fixed in version 4.3.5-3+deb9u3.
We recommend that you upgrade your isc-dhcp packages.
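The following check is an added example, not part of the advisory or of the isc-dhcp project: it compares an installed package version against the fixed versions listed above using Debian version ordering, and looks for an active "allow leasequery;" directive, the configuration named for CVE-2022-2928. The function names, the sample configuration and the idea of passing in the version string and dhcpd.conf text are assumptions made for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions as stated in ELA-704-1.
FIXED = {"jessie": "4.3.1-6+deb8u6", "stretch": "4.3.5-3+deb9u3"}

def _rank(c):
    # Debian ordering: '~' < end of string < letters < everything else.
    if c is None:
        return 0
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit chunks, as dpkg does.
    chunks = zip_longest(re.findall(r"(\D*)(\d*)", a),
                         re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in chunks:
        for x, y in zip_longest(sa, sb):
            if _rank(x) != _rank(y):
                return -1 if _rank(x) < _rank(y) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def leasequery_allowed(conf_text):
    # Drop '#' comments, then look for the directive named in CVE-2022-2928.
    body = re.sub(r"#.*", "", conf_text)
    return re.search(r"\ballow\s+leasequery\s*;", body) is not None

def assess(release, installed, conf_text):
    unpatched = deb_cmp(installed, FIXED[release]) < 0
    return {"CVE-2022-2928": unpatched and leasequery_allowed(conf_text),
            "CVE-2022-2929": unpatched}

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = "authoritative;\n# allow leasequery;\nallow leasequery;\n"
print(assess("jessie", "4.3.1-6+deb8u5", SAMPLE_CONF))
```

A True value means the host is still on a version older than the fix and, for CVE-2022-2928, also has leasequery enabled; upgrading the package clears both.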
Further information about Extended LTS security advisories can be found at: Debian Extended Long Term Support
An isc-dhcp security update has been released for Debian GNU/Linux 8 Extended LTS to address several vulnerabilities.