Your message dated Sat, 10 Mar 2018 23:18:09 +0000
with message-id <[email protected]>
and subject line Bug#887413: fixed in isc-dhcp 4.3.1-6+deb8u3
has caused the Debian Bug report #887413,
regarding isc-dhcp: CVE-2017-3144: dhcp: omapi code doesn't free socket 
descriptors when empty message is received allowing denial-of-service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
887413: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887413
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: isc-dhcp
Version: 4.3.1-6
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for isc-dhcp.

CVE-2017-3144[0]:
|dhcp: omapi code doesn't free socket descriptors when empty message is
|received allowing denial-of-service

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-3144
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1522918
[2] https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: isc-dhcp
Source-Version: 4.3.1-6+deb8u3

We believe that the bug you reported is fixed in the latest version of
isc-dhcp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated isc-dhcp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Mar 2018 11:20:38 +0100
Source: isc-dhcp
Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg
Architecture: source
Version: 4.3.1-6+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian ISC DHCP maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 887413 891785 891786
Description: 
 isc-dhcp-client - DHCP client for automatically obtaining an IP address
 isc-dhcp-client-dbg - ISC DHCP server for automatic IP address assignment (client debug
 isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb)
 isc-dhcp-common - common files used by all of the isc-dhcp packages
 isc-dhcp-dbg - ISC DHCP server for automatic IP address assignment (debuging sym
 isc-dhcp-dev - API for accessing and modifying the DHCP server and client state
 isc-dhcp-relay - ISC DHCP relay daemon
 isc-dhcp-relay-dbg - ISC DHCP server for automatic IP address assignment (relay debug)
 isc-dhcp-server - ISC DHCP server for automatic IP address assignment
 isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (server debug
 isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend
Changes:
 isc-dhcp (4.3.1-6+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413)
   * Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785)
   * Correct buffer overrun in pretty_print_option (CVE-2018-5732)
     (Closes: #891786)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
