A dhcpcd5 security update has been released for Debian GNU/Linux 9 Extended LTS to address several security vulnerabilities.
ELA-742-1 dhcpcd5 security update
Package : dhcpcd5
ELA-742-1 dhcpcd5 security update
Version : 6.10.1-1+deb9u1 (stretch)
Related CVEs :
CVE-2019-11578
CVE-2019-11579
Several security vulnerabilities have been discovered in dhcpcd5, a DHCPv4 and
DHCPv6 dual-stack client.
CVE-2019-11579:
dhcp.c in dhcpcd contains a 1-byte read overflow with DHO_OPTSOVERLOADED.
CVE-2019-11578:
auth.c in dhcpcd allowed attackers to infer secrets by performing latency attacks.
