ports/159698: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server

Wesley Shields wxs at FreeBSD.org
Thu Aug 11 19:10:10 UTC 2011


>Number:         159698
>Category:       ports
>Synopsis:       [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Aug 11 19:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Wesley Shields
>Release:        FreeBSD 8.2-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD syn.csh.rit.edu 8.2-RELEASE-p2 FreeBSD 8.2-RELEASE-p2 #3: Sun May 29 08:12:53 EDT 2011 root at syn.csh.rit.edu:/usr/obj/usr/src/sys/GENERIC amd64

>Description:
ISC released an advisory for their DHCP server. The attached patch updates
both net/isc-dhcp41-server and net/isc-dhcp31-server to their latest
versions.

I'm also attaching a vuxml entry for this.

I'm willing to commit both of these immediately, given that they are
security relevant. However, since they, at least in the case of
net/isc-dhcp31-server, contain other updates (going to -R3 skipping -R1, -R2
was never released) I'd like to give Josh a couple of days to comment on it.

http://www.isc.org/software/dhcp/advisories/cve-2011-2748

>How-To-Repeat:
N/A
>Fix:

Index: vuln.xml
===================================================================
RCS file: /ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2406
diff -u -r1.2406 vuln.xml
--- vuln.xml	11 Aug 2011 08:37:56 -0000	1.2406
+++ vuln.xml	11 Aug 2011 18:34:23 -0000
@@ -34,6 +34,38 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="510b630e-c43b-11e0-916c-00e0815b8da8">
+    <topic>isc-dhcp-server -- server halt upon processing certain packets</topic>
+    <affects>
+      <package>
+	<name>isc-dhcp31-server</name>
+	<range><lt>3.1.ESV_1,1</lt></range>
+      </package>
+      <package>
+	<name>isc-dhcp41-server</name>
+	<range><lt>isc-dhcp41-server-4.1.e_2,2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>ISC reports:</p>
+	<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-2748">
+	  <p>A pair of defects cause the server to halt upon processing certain
+	    packets. The patch is to properly discard or process those packets. 
+	  </p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2011-2748</cvename>
+      <cvename>CVE-2011-2749</cvename>
+    </references>
+    <dates>
+      <discovery>2011-11-10</discovery>
+      <entry>2011-04-11</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="304409c3-c3ef-11e0-8aa5-485d60cb5385">
     <topic>libXfont -- possible local privilege escalation</topic>
     <affects>
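
Review bot: The `<range>` for isc-dhcp41-server puts the package name inside the version bound (`<lt>isc-dhcp41-server-4.1.e_2,2</lt>`), unlike the isc-dhcp31-server entry above it, which gives only the version (`3.1.ESV_1,1`). A bound written that way will not compare as a version, so the 4.1 package may never match; it should read `<lt>4.1.e_2,2</lt>`. The `<dates>` block also looks wrong: `<discovery>2011-11-10</discovery>` is later than `<entry>2011-04-11</entry>`, and neither agrees with the 11 Aug 2011 timestamp on this diff, so both should be rechecked against the ISC advisory and the commit date. Minor: there is trailing whitespace after "those packets." in the blockquote.
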


Index: net/isc-dhcp31-server/Makefile
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp31-server/Makefile,v
retrieving revision 1.134
diff -u -r1.134 Makefile
--- net/isc-dhcp31-server/Makefile	10 Jul 2011 03:24:46 -0000	1.134
+++ net/isc-dhcp31-server/Makefile	11 Aug 2011 18:37:21 -0000
@@ -15,12 +15,12 @@
 MASTER_SITE_SUBDIR=	dhcp dhcp/dhcp-3.1-history
 PKGNAMEPREFIX=	isc-
 PKGNAMESUFFIX=	31-${SUBSYS}
-DISTNAME=	${PORTNAME}-3.1-ESV
+DISTNAME=	${PORTNAME}-3.1-ESV-R3
 
 MAINTAINER=	jpaetzel at FreeBSD.org
 COMMENT?=	The ISC Dynamic Host Configuration Protocol server
 
-PORTREVISION_SERVER=	0
+PORTREVISION_SERVER=	1
 PORTREVISION_CLIENT=	0
 PORTREVISION_RELAY=	0
 PORTREVISION_DEVEL=	0
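
Review bot: Only `PORTREVISION_SERVER` is bumped, but `DISTNAME` is shared by every subsystem this Makefile builds (`PKGNAMESUFFIX= 31-${SUBSYS}`), so the client, relay and devel packages will be built from dhcp-3.1-ESV-R3 with an unchanged package version. Since the description says -R3 contains other updates beyond the security fix, consider bumping `PORTREVISION_CLIENT`, `PORTREVISION_RELAY` and `PORTREVISION_DEVEL` as well, or state in the commit message why they are left alone.
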
Index: net/isc-dhcp31-server/distinfo
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp31-server/distinfo,v
retrieving revision 1.64
diff -u -r1.64 distinfo
--- net/isc-dhcp31-server/distinfo	20 Mar 2011 12:51:32 -0000	1.64
+++ net/isc-dhcp31-server/distinfo	11 Aug 2011 18:32:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (dhcp-3.1-ESV.tar.gz) = e316b7dc34f05e38724273a473f823719281f229a71a80bc358f8e74687fd7d7
-SIZE (dhcp-3.1-ESV.tar.gz) = 797454
+SHA256 (dhcp-3.1-ESV-R3.tar.gz) = fb86e124c1fe57d6d6376ceb3eb025320cce5b98002b614e1540fc21a88d6bc6
+SIZE (dhcp-3.1-ESV-R3.tar.gz) = 799075
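
Review bot: The new SHA256 and SIZE for dhcp-3.1-ESV-R3.tar.gz are given without any statement of how the tarball was validated. For a security update, please confirm in the PR or commit message that the distfile was checked against what ISC publishes for the release before distinfo was regenerated.
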
Index: net/isc-dhcp41-server/Makefile
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp41-server/Makefile,v
retrieving revision 1.24
diff -u -r1.24 Makefile
--- net/isc-dhcp41-server/Makefile	10 Jul 2011 03:24:46 -0000	1.24
+++ net/isc-dhcp41-server/Makefile	11 Aug 2011 18:31:53 -0000
@@ -21,8 +21,8 @@
 
 LICENSE=	ISCL
 
-PATCHLEVEL=	R2
-PORTREVISION_SERVER=	1
+PATCHLEVEL=	R3
+PORTREVISION_SERVER=	2
 PORTREVISION_CLIENT=	0
 PORTREVISION_RELAY=	2
 
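
Review bot: `PORTREVISION_SERVER` goes from 1 to 2 in the same change that moves `PATCHLEVEL` from R2 to R3, and it is not visible here whether `PATCHLEVEL` feeds into the package version. If it does, the revision would normally reset rather than increase; if it does not, the upstream release level is only distinguishable by the revision number. Please confirm that the resulting package version is exactly the `4.1.e_2,2` bound used in the vuln.xml entry, since that entry is what flags older installs as affected.
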
Index: net/isc-dhcp41-server/distinfo
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp41-server/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- net/isc-dhcp41-server/distinfo	10 Apr 2011 21:40:52 -0000	1.6
+++ net/isc-dhcp41-server/distinfo	11 Aug 2011 18:31:38 -0000
@@ -1,4 +1,2 @@
-SHA256 (dhcp-4.1-ESV-R2.tar.gz) = 49fa6f00ceee536e1e66698cc416279d333f833e41d545185a5b8684638cff03
-SIZE (dhcp-4.1-ESV-R2.tar.gz) = 1094285
-SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d
-SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004
+SHA256 (dhcp-4.1-ESV-R3.tar.gz) = 0bed3380e1daf6f17e3524d5ef282c8f0d2ca1f455479463bf15f0d44b76c615
+SIZE (dhcp-4.1-ESV-R3.tar.gz) = 1103284
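
Review bot: The two ldap-for-dhcp-4.1.1-2.tar.gz lines are dropped here, but the Makefile hunk for this port shows nothing that removes or changes a reference to that file. If the port can still fetch it in some configuration, the checksum step will fail there once these entries are gone; either regenerate distinfo so the entries are kept, or remove the reference from the Makefile in the same commit and say so in the commit message.
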
>Release-Note:
>Audit-Trail:
>Unformatted:


