Bug#891786: marked as done (isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient)
Your message dated Sat, 10 Mar 2018 23:18:09 + with message-idand subject line Bug#891786: fixed in isc-dhcp 4.3.1-6+deb8u3 has caused the Debian Bug report #891786, regarding isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 891786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891786 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: isc-dhcp Version: 4.3.1-6 Severity: important Tags: security upstream Hi, the following vulnerability was published for isc-dhcp. CVE-2018-5732[0]: |A specially constructed response from a malicious server can cause a |buffer overflow in dhclient If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732 [1] https://kb.isc.org/article/AA-01565/75/CVE-2018-5732 Regards, Salvatore --- End Message --- --- Begin Message --- Source: isc-dhcp Source-Version: 4.3.1-6+deb8u3 We believe that the bug you reported is fixed in the latest version of isc-dhcp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated isc-dhcp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 04 Mar 2018 11:20:38 +0100 Source: isc-dhcp Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg Architecture: source Version: 4.3.1-6+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian ISC DHCP maintainers Changed-By: Salvatore Bonaccorso Closes: 887413 891785 891786 Description: isc-dhcp-client - DHCP client for automatically obtaining an IP address isc-dhcp-client-dbg - ISC DHCP server for automatic IP address assignment (client debug isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb) isc-dhcp-common - common files used by all of the isc-dhcp packages isc-dhcp-dbg - ISC DHCP server for automatic IP address assignment (debuging sym isc-dhcp-dev - API for accessing and modifying the DHCP server and client state isc-dhcp-relay - ISC DHCP relay daemon isc-dhcp-relay-dbg - ISC DHCP server for automatic IP address assignment (relay debug) isc-dhcp-server - ISC DHCP server for automatic IP address assignment isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (server debug isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend Changes: isc-dhcp (4.3.1-6+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413) * Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785) * Correct buffer overrun in pretty_print_option (CVE-2018-5732) (Closes: #891786) Checksums-Sha1: 33ee8547bc7752fb856ab15e89be074959437d24 2932 isc-dhcp_4.3.1-6+deb8u3.dsc 09e24193a2c4533d983ef04c165f2166ed5cf537 83408 isc-dhcp_4.3.1-6+deb8u3.debian.tar.xz Checksums-Sha256: 5d7225a4ac38cdf7dd4a298e95a59207a28ce1975feb9869ff5dd0049000784c 2932 isc-dhcp_4.3.1-6+deb8u3.dsc 932e7e4d99036aa0b446bac1b9c6ac7d289cbaa4300ba96ef2d3e9bd0d6020e4 83408 isc-dhcp_4.3.1-6+deb8u3.debian.tar.xz Files: 0d8d5e28391d45dd13552a77707f53bb 2932 net important isc-dhcp_4.3.1-6+deb8u3.dsc 28829aa858547ad19cbadf8d74ab127e 83408 net important isc-dhcp_4.3.1-6+deb8u3.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqbzytfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
Bug#891786: marked as done (isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient)
Your message dated Sat, 10 Mar 2018 23:17:09 + with message-idand subject line Bug#891786: fixed in isc-dhcp 4.3.5-3+deb9u1 has caused the Debian Bug report #891786, regarding isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 891786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891786 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: isc-dhcp Version: 4.3.1-6 Severity: important Tags: security upstream Hi, the following vulnerability was published for isc-dhcp. CVE-2018-5732[0]: |A specially constructed response from a malicious server can cause a |buffer overflow in dhclient If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732 [1] https://kb.isc.org/article/AA-01565/75/CVE-2018-5732 Regards, Salvatore --- End Message --- --- Begin Message --- Source: isc-dhcp Source-Version: 4.3.5-3+deb9u1 We believe that the bug you reported is fixed in the latest version of isc-dhcp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated isc-dhcp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 03 Mar 2018 17:27:05 +0100 Source: isc-dhcp Binary: isc-dhcp-server isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb isc-dhcp-relay Architecture: source Version: 4.3.5-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian ISC DHCP maintainers Changed-By: Salvatore Bonaccorso Closes: 887413 891785 891786 Description: isc-dhcp-client - DHCP client for automatically obtaining an IP address isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb) isc-dhcp-common - common manpages relevant to all of the isc-dhcp packages isc-dhcp-dev - API for accessing and modifying the DHCP server and client state isc-dhcp-relay - ISC DHCP relay daemon isc-dhcp-server - ISC DHCP server for automatic IP address assignment isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend Changes: isc-dhcp (4.3.5-3+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413) * Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785) * Correct buffer overrun in pretty_print_option (CVE-2018-5732) (Closes: #891786) Checksums-Sha1: 338da0ef3cb08b96d4da99c0608671914b6fce7a 2758 isc-dhcp_4.3.5-3+deb9u1.dsc 283ad78a33d0fa28cb6c338353c66e3d96bf3499 1141640 isc-dhcp_4.3.5.orig.tar.gz e7efef64943a2177ec8f6ce38b282b0781979214 88808 isc-dhcp_4.3.5-3+deb9u1.debian.tar.xz Checksums-Sha256: 45426dfbcf1d0efe22032f8b94e11992071997543c630bde66f403de22f4aa83 2758 isc-dhcp_4.3.5-3+deb9u1.dsc 36fbfbbe4b7d44fa588e34a3339656be9f5ae33748452d243fe5fa5321a115e5 1141640 isc-dhcp_4.3.5.orig.tar.gz 52ebb5fff096ad9a2fa2bf0c148a1b511b85373de70146f0234fed0224613227 88808 isc-dhcp_4.3.5-3+deb9u1.debian.tar.xz Files: 7f26f6068303167de657f3c430bf6186 2758 net important isc-dhcp_4.3.5-3+deb9u1.dsc 2cc305b76cf4a75ae57822f90a122437 1141640 net important isc-dhcp_4.3.5.orig.tar.gz 0bc8871c6179c5b91ff3918320cad3a5 88808 net important isc-dhcp_4.3.5-3+deb9u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqbAjhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ErkUP/R6ppMADrvkjX0x8/d2exSLBY4iUPo0d
Bug#891786: marked as done (isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient)
Your message dated Mon, 05 Mar 2018 05:52:39 + with message-idand subject line Bug#891786: fixed in isc-dhcp 4.3.5-3.1 has caused the Debian Bug report #891786, regarding isc-dhcp: CVE-2018-5732: A specially constructed response from a malicious server can cause a buffer overflow in dhclient to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 891786: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891786 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: isc-dhcp Version: 4.3.1-6 Severity: important Tags: security upstream Hi, the following vulnerability was published for isc-dhcp. CVE-2018-5732[0]: |A specially constructed response from a malicious server can cause a |buffer overflow in dhclient If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2018-5732 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5732 [1] https://kb.isc.org/article/AA-01565/75/CVE-2018-5732 Regards, Salvatore --- End Message --- --- Begin Message --- Source: isc-dhcp Source-Version: 4.3.5-3.1 We believe that the bug you reported is fixed in the latest version of isc-dhcp, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 891...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso (supplier of updated isc-dhcp package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 04 Mar 2018 21:35:31 +0100 Source: isc-dhcp Binary: isc-dhcp-server isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-ddns isc-dhcp-client-udeb isc-dhcp-relay Architecture: source Version: 4.3.5-3.1 Distribution: unstable Urgency: medium Maintainer: Debian ISC DHCP maintainers Changed-By: Salvatore Bonaccorso Closes: 887413 891785 891786 Description: isc-dhcp-client - DHCP client for automatically obtaining an IP address isc-dhcp-client-ddns - Dynamic DNS (DDNS) enabled DHCP client isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb) isc-dhcp-common - common manpages relevant to all of the isc-dhcp packages isc-dhcp-dev - API for accessing and modifying the DHCP server and client state isc-dhcp-relay - ISC DHCP relay daemon isc-dhcp-server - ISC DHCP server for automatic IP address assignment isc-dhcp-server-ldap - DHCP server that uses LDAP as its backend Changes: isc-dhcp (4.3.5-3.1) unstable; urgency=medium . * Non-maintainer upload. * Plugs a socket descriptor leak in OMAPI (CVE-2017-3144) (Closes: #887413) * Corrected refcnt loss in option parsing (CVE-2018-5733) (Closes: #891785) * Correct buffer overrun in pretty_print_option (CVE-2018-5732) (Closes: #891786) Checksums-Sha1: ecb8124333b531ec319084cc951d491bffa8ea71 2738 isc-dhcp_4.3.5-3.1.dsc d72f63506b3d72cfb6ff63cb72005ad1dc0cb294 88780 isc-dhcp_4.3.5-3.1.debian.tar.xz Checksums-Sha256: 4a22b4f74323bbaab93ae9575b4cc1b23caa9a62a192cd9842369be76fe8459d 2738 isc-dhcp_4.3.5-3.1.dsc 253edf711a9aa5bdc00a9ab8920acf337cedd64f3e7566c46a8e307835dfc6d8 88780 isc-dhcp_4.3.5-3.1.debian.tar.xz Files: 749107e35764de87138113db0bc3a4d9 2738 net important isc-dhcp_4.3.5-3.1.dsc 94f0336ee332d7c91711772eef390bf8 88780 net important isc-dhcp_4.3.5-3.1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqcWfVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EJxYP/2FHTJLHuEXWC6O9siDbDz5XKCEH+CsI 4QWfqgHqaHhscEAHoKbFEnLGoSrRdowuBtt7Qr8FGBwApLsVSjuf1xbD9nMJTHHc JNHLt9sbM/7RQgQX08jI+rQFhG0mtutV/t5mjfgI+YbJXIj4w5zU65IbQudBhyoV EYvznglZti8KHfJAey3gFTFIOfSkIC5UJI8lV0Mk2um6IizTrEOIPxnBUvSxZNN9 7a7gUYZ+GoDVB/DHWOdJ4AKZHsIC1IN4E99dEu0Ak5S4px+Li7nfmSRtDkDa137q hOtJ76QN7NPxrsky6r7YUXLNeUO2W7QuMv8B/i5fZDlCpzFpcfG2evrGYevIlupk