Low CentOS dhcp Update

Metadata

high
7.1
dhclient-4.1.1-34.P1.el6.centos.i686.rpm, dhclient-4.1.1-34.P1.el6.centos.x86_64.rpm, dhcp-4.1.1-34.P1.el6.centos.i686.rpm, dhcp-4.1.1-34.P1.el6.centos.src.rpm, dhcp-4.1.1-34.P1.el6.centos.x86_64.rpm, dhcp-common-4.1.1-34.P1.el6.centos.i686.rpm, dhcp-common-4.1.1-34.P1.el6.centos.x86_64.rpm, dhcp-devel-4.1.1-34.P1.el6.centos.i686.rpm, dhcp-devel-4.1.1-34.P1.el6.centos.x86_64.rpm
CVE-2012-3955
rhn.redhat.com, lists.centos.org, lists.centos.org
2013-03-09
2017-07-27 19:05
ALAS-2013-157
CVE-2012-3955 isc-dhcp
CVE-2012-3955
2017-04-01 19:06
2017-01-05 20:10

Description


Updated dhcp packages that fix one security issue and two bugs are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP)
that allows individual devices on an IP network to get their own network
configuration information, including an IP address, a subnet mask, and a
broadcast address.

A flaw was found in the way the dhcpd daemon handled the expiration time of
IPv6 leases. If dhcpd's configuration was changed to reduce the default
IPv6 lease time, lease renewal requests for previously assigned leases
could cause dhcpd to crash. (CVE-2012-3955)

This update also fixes the following bugs:

* Prior to this update, the DHCP server discovered only the first IP
address of a network interface that had more than one configured IP
address. As a consequence, the DHCP server failed to restart if it was
configured to serve only a subnet of one of the subsequent IP addresses.
This update modifies the network interface address discovery code to find
all addresses of a network interface, so the DHCP server can also serve
subnets of the other addresses. (BZ#803540)

* Prior to this update, if the configuration file was changed while
dhclient ran with PEERDNS=yes, dhclient rewrote the /etc/resolv.conf file
with backup data after it was stopped, even when the PEERDNS flag was set
to "no" before shutdown. This update removes the backup and restore
functions for this configuration file from dhclient-script. Now, dhclient
no longer rewrites the /etc/resolv.conf file when stopped. (BZ#824622)

All users of DHCP are advised to upgrade to these updated packages, which
fix these issues. After installing this update, all DHCP servers will be
restarted automatically.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

| Release | Package | Patched in |
|---|---|---|
| 6 | dhclient | dhclient-4.1.1-34.P1.el6.centos.i686.rpm |
| 6 | dhclient | dhclient-4.1.1-34.P1.el6.centos.x86_64.rpm |
| 6 | dhcp | dhcp-4.1.1-34.P1.el6.centos.i686.rpm |
| 6 | dhcp | dhcp-4.1.1-34.P1.el6.centos.src.rpm |
| 6 | dhcp | dhcp-4.1.1-34.P1.el6.centos.x86_64.rpm |
| 6 | dhcp-common | dhcp-common-4.1.1-34.P1.el6.centos.i686.rpm |
| 6 | dhcp-common | dhcp-common-4.1.1-34.P1.el6.centos.x86_64.rpm |
| 6 | dhcp-devel | dhcp-devel-4.1.1-34.P1.el6.centos.i686.rpm |
| 6 | dhcp-devel | dhcp-devel-4.1.1-34.P1.el6.centos.x86_64.rpm |
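
To check an installed package against the "Patched in" column by hand, compare version and release the way RPM does, segment by segment, rather than as plain strings. The following is an added example, not code from the advisory or from Appcanary; the function names are hypothetical, the sample `rpm -q` lines are constructed, and it assumes the installed and patched packages share the same epoch (the page does not list one) and that no `~` or `^` appears in the strings.

```python
import re

# Patched version and release, taken from the "Patched in" column on this page.
PATCHED_VERSION, PATCHED_RELEASE = "4.1.1", "34.P1.el6.centos"

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two RPM version (or release) strings; returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x[0].isdigit(), y[0].isdigit()
        if x_num != y_num:
            return 1 if x_num else -1   # a numeric segment beats an alphabetic one
        if x_num:
            x, y = int(x), int(y)       # "34" vs "4" compares as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(nvra):
    """Split 'name-version-release.arch[.rpm]' into its four fields."""
    if nvra.endswith(".rpm"):
        nvra = nvra[:-4]
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def is_patched(nvra):
    """True if the package is at or above the patched version-release."""
    _, version, release, _ = parse_nvra(nvra)
    cmp = rpmvercmp(version, PATCHED_VERSION)
    if cmp == 0:
        cmp = rpmvercmp(release, PATCHED_RELEASE)
    return cmp >= 0

if __name__ == "__main__":
    # Constructed sample of `rpm -q dhcp dhclient dhcp-common` output.
    for line in ["dhcp-4.1.1-31.P1.el6.centos.x86_64",
                 "dhclient-4.1.1-34.P1.el6.centos.x86_64",
                 "dhcp-common-4.1.1-38.P1.el6.centos.i686"]:
        print(line, "patched" if is_patched(line) else "NEEDS UPDATE")
```
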