[Buildroot] [PATCH master] dhcp: add upstream security fixes
Peter Korsgaard
peter at korsgaard.com
Sat Mar 3 22:26:39 UTC 2018
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> CVE-2018-5732: The DHCP client incorrectly handled certain malformed
> responses. A remote attacker could use this issue to cause the DHCP
> client to crash, resulting in a denial of service, or possibly execute
> arbitrary code. In the default installation, attackers would be isolated
> by the dhclient AppArmor profile.
> CVE-2018-5733: The DHCP server incorrectly handled reference counting. A
> remote attacker could possibly use this issue to cause the DHCP server
> to crash, resulting in a denial of service.
> Both issues are fixed in version 4.4.1. But we are close to release, so
> backport the fixes instead of bumping version.
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list