Package: dhcp3-server
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for dhcp3.

CVE-2009-1892[0]:
| dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and
| hardware ethernet configuration settings are both used, allows remote
| attackers to cause a denial of service (daemon crash) via unspecified
| requests.

The patch that was used for the DSA is attached.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

Cheers
Steffen

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1892
    http://security-tracker.debian.net/tracker/CVE-2009-1892

#! /bin/sh /usr/share/dpatch/dpatch-run ## server-clientid-crash.dpatch by Christoh Biedl <debian.packages.h...@manchmal.in-ulm.de> ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Server assert involving client IDs (CVE-2009-1892) @DPATCH@ diff -urNad git~/server/dhcp.c git/server/dhcp.c --- git~/server/dhcp.c 2009-07-12 22:03:17.000000000 +0200 +++ git/server/dhcp.c 2009-07-12 22:04:42.000000000 +0200 @@ -1747,6 +1747,8 @@ host_reference (&host, h, MDL); } if (!host) { + if (hp) + host_dereference (&hp, MDL); find_hosts_by_haddr (&hp, packet -> raw -> htype, packet -> raw -> chaddr,
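
Review bot: the new `if (hp) host_dereference (&hp, MDL);` at the top of the `if (!host)` block in server/dhcp.c has no comment saying why hp can still hold a reference at this point, and the dpatch description ("Server assert involving client IDs") is the only hint. A short comment above the check would help, stating that an earlier lookup may have left hp set and that it has to be released before `find_hosts_by_haddr (&hp, ...)` reuses the pointer. Otherwise a later cleanup could remove the check as redundant and bring the crash back. The return value of host_dereference is also ignored here. If that is deliberate, the same comment could say so.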