This bug was fixed in the package dhcpcd - 1:3.2.3-9ubuntu0.1
---------------
dhcpcd (1:3.2.3-9ubuntu0.1) oneiric-security; urgency=high
* SECURITY UPDATE: dhcpcd before 5.2.12 allows remote attackers to
execute arbitrary commands via shell metacharacters in a hostname
obtained from a DHCP message. (LP: #931036)
-
https://build.opensuse.org/package/view_file?file=dhcpcd-3.2.3-option-checks.diff&package=dhcpcd&project=network%3Adhcp&rev=52442e5c1d803d7c1818a920a0bae7f1
- above linked patch(without the additional support for NETBIOS type
messages) has been added.
- CVE-2011-0996
-- Zubin Mithra <[email protected]> Mon, 13 Feb 2012 14:27:54 +0530
** Changed in: dhcpcd (Ubuntu Oneiric)
Status: Fix Committed => Fix Released
** Changed in: dhcpcd (Ubuntu Natty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/931036
Title:
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary
commands via shell metacharacters in a hostname obtained from a DHCP
message.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/931036/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
