Send dhcp-users mailing list submissions to dhcp-users@lists.isc.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/dhcp-users
or, via email, send a message with subject or body 'help' to
dhcp-users-requ...@lists.isc.org

You can reach the person managing the list at
dhcp-users-ow...@lists.isc.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of dhcp-users digest..."

Today's Topics:

   1. Regarding RedHat vulnerability CVE-2018-1111 (Michael McNally)

----------------------------------------------------------------------

Message: 1
Date: Tue, 15 May 2018 13:46:32 -0800
From: Michael McNally <mcna...@isc.org>
To: dhcp-users@lists.isc.org
Subject: Regarding RedHat vulnerability CVE-2018-1111
Message-ID: <c00d0b70-ef1a-25d3-ba42-fde959a4e...@isc.org>
Content-Type: text/plain; charset=utf-8

Today RedHat announced CVE-2018-1111, a critical vulnerability in their DHCP client package that is being referred to generically in some discussions as a "DHCP vulnerability." In order to address any concerns that might arise we thought we ought to send a short statement concerning the impact on ISC DHCP packages.

We have examined the RedHat vulnerability and conclude that users of stock ISC DHCP should not be at risk.

Details on the RedHat vulnerability are available from RedHat:

   https://access.redhat.com/security/vulnerabilities/3442151

but the most important bit to know is that the vulnerability which permits command injection is present in a client script which was provided by RedHat. RedHat does use dhclient code derived from ISC's but the vulnerability is in an extension that they added; it's not present in a build from source of DHCP packages distributed by ISC and we wanted to reassure you that unless you are using the additional client scripts provided by RedHat you are not vulnerable to this issue.

Additionally, we'd like to thank RedHat for informing us about their vulnerability announcement -- giving us the chance to issue this clarification and hopefully avoid confusion and worry among those who are not at risk.

Sincerely yours,

Michael McNally
ISC Security Officer

------------------------------

End of dhcp-users Digest, Vol 115, Issue 6
******************************************