Your message dated Sat, 22 Jun 2024 10:32:08 +0000
with message-id <[email protected]>
and subject line Bug#1050805: fixed in dhcpcd5 9.4.1-24~deb12u4
has caused the Debian Bug report #1050805,
regarding dhcpcd-base: DoS: zero-length packet cause eventual lease expiration
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1050805: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050805
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dhcpcd-base
Version: 9.4.1-22
Severity: critical
Tags: security
Justification: breaks unrelated software
X-Debbugs-Cc: Debian Security Team <[email protected]>

When the dhcpcd DHCPv4 client receives a zero-length UDP packet on port
68, the "network proxy" dhcpcd process exits with status 0.  dhcpcd then
stops all network activity:  It does not renew leases and eventually expires
the current lease (unless it has infinite duration) and removes the IP
address, leaving the system without networking.

This bug can be triggered remotely over the internet from any UDP port
and is critical on an internet-facing system that needs DHCP to get
an IP address, such as a gateway, a dedicated server or a VM.

This affects version 9.4.1-22 (stable) and 1:9.4.1-24~deb12u2
(stable proposed update) but not 1:10.0.2-4 (testing/unstable) as
upstream fixed it in 10.0.2:

Upstream Bug report: https://github.com/NetworkConfiguration/dhcpcd/issues/179
Upstream Fix: https://github.com/NetworkConfiguration/dhcpcd/commit/8b29c0ddf026c1c5647c3b8c6cfe21699c4056ae

This patch does not apply cleanly to 9.4.1 because the privsep
structure changed in 10.0.2.  It's likely that only the src/privsep.c
hunks about len == 0 and eloop_exit() need to be backported; the other
changes are just here to avoid compiler warnings about unused
parameters.


-- System Information:
Debian Release: 12.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-11-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages dhcpcd-base depends on:
ii  adduser   3.134
ii  libc6     2.36-9+deb12u1
ii  libudev1  252.12-1~deb12u1

Versions of packages dhcpcd-base recommends:
pn  wpasupplicant  <none>

Versions of packages dhcpcd-base suggests:
ii  openresolv [resolvconf]  3.12.0-3

-- Configuration Files:
/etc/dhcpcd.conf changed [not included]

-- no debconf information

--- End Message ---
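
The failure mode reported above, as an added example that is not part of the original report and is not dhcpcd's code: on a datagram socket, recv() returning 0 means an empty datagram arrived, not that the peer closed. The sketch uses an AF_UNIX datagram socketpair as a stand-in for the UDP port 68 listener; run_listener(), zero_means_eof and the sample sizes are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed sample traffic: payload sizes in arrival order.
 * The middle entry is the zero-length datagram from the report. */
static const size_t SAMPLE_SIZES[] = { 300, 0, 300 };
#define N_SAMPLES (sizeof(SAMPLE_SIZES) / sizeof(SAMPLE_SIZES[0]))

/* Hypothetical receive loop. zero_means_eof = 1 models the flawed
 * pattern (len == 0 treated as hangup, loop exits); 0 models the
 * hardened pattern (empty datagram dropped, loop continues).
 * Returns packets processed before the loop stopped, -1 on setup error. */
static int run_listener(int zero_means_eof)
{
    int sv[2], processed = 0;
    char buf[512], payload[512];
    size_t i;

    memset(payload, 0xAA, sizeof(payload));
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) == -1)
        return -1;
    for (i = 0; i < N_SAMPLES; i++) {
        if (send(sv[1], payload, SAMPLE_SIZES[i], 0) == -1) {
            close(sv[0]);
            close(sv[1]);
            return -1;
        }
    }
    for (i = 0; i < N_SAMPLES; i++) {
        ssize_t len = recv(sv[0], buf, sizeof(buf), 0);
        if (len == -1)
            break;              /* genuine socket error */
        if (len == 0) {
            if (zero_means_eof)
                break;          /* flawed: listener stops for good */
            continue;           /* hardened: ignore empty datagram */
        }
        processed++;            /* stand-in for real packet handling */
    }
    close(sv[0]);
    close(sv[1]);
    return processed;
}

int main(void)
{
    printf("flawed loop processed %d packet(s)\n", run_listener(1));
    printf("hardened loop processed %d packet(s)\n", run_listener(0));
    return 0;
}
```
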
--- Begin Message ---
Source: dhcpcd5
Source-Version: 9.4.1-24~deb12u4
Done: Martin-Éric Racine <[email protected]>

We believe that the bug you reported is fixed in the latest version of
dhcpcd5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martin-Éric Racine <[email protected]> (supplier of updated dhcpcd5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 15 Jun 2024 12:37:49 +0300
Source: dhcpcd5
Architecture: source
Version: 9.4.1-24~deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: Martin-Éric Racine <[email protected]>
Changed-By: Martin-Éric Racine <[email protected]>
Closes: 1050805 1057959
Changes:
 dhcpcd5 (9.4.1-24~deb12u4) bookworm; urgency=medium
 .
   * Add --no-stop-on-upgrade --no-restart-after-upgrade (Closes: #1057959).
   * Cherry-pick upstream backported fixes for RC bug (Closes: #1050805).
   * Update dhcpcd.preinst version check to match current one.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---