ports/159698: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
Wesley Shields
wxs at FreeBSD.org
Thu Aug 11 19:10:10 UTC 2011
>Number: 159698
>Category: ports
>Synopsis: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 11 19:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Wesley Shields
>Release: FreeBSD 8.2-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD syn.csh.rit.edu 8.2-RELEASE-p2 FreeBSD 8.2-RELEASE-p2 #3: Sun May 29 08:12:53 EDT 2011 root at syn.csh.rit.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
ISC released an advisory for their DHCP server. The attached patch updates
both net/isc-dhcp41-server and net/isc-dhcp31-server to their latest
versions.
I'm also attaching a vuxml entry for this.
I'm willing to commit both of these immediately, given that they are
security relevant. However, since they, at least in the case of
net/isc-dhcp31-server, contain other updates (going to -R3, skipping -R1; -R2
was never released), I'd like to give Josh a couple of days to comment on it.
http://www.isc.org/software/dhcp/advisories/cve-2011-2748
>How-To-Repeat:
N/A
>Fix:
Index: vuln.xml
===================================================================
RCS file: /ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.2406
diff -u -r1.2406 vuln.xml
--- vuln.xml 11 Aug 2011 08:37:56 -0000 1.2406
+++ vuln.xml 11 Aug 2011 18:34:23 -0000
@@ -34,6 +34,38 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="510b630e-c43b-11e0-916c-00e0815b8da8">
+ <topic>isc-dhcp-server -- server halt upon processing certain packets</topic>
+ <affects>
+ <package>
+ <name>isc-dhcp31-server</name>
+ <range><lt>3.1.ESV_1,1</lt></range>
+ </package>
+ <package>
+ <name>isc-dhcp41-server</name>
+ <range><lt>isc-dhcp41-server-4.1.e_2,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ISC reports:</p>
+ <blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-2748">
+ <p>A pair of defects cause the server to halt upon processing certain
+ packets. The patch is to properly discard or process those packets.
+ </p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2011-2748</cvename>
+ <cvename>CVE-2011-2749</cvename>
+ </references>
+ <dates>
+ <discovery>2011-11-10</discovery>
+ <entry>2011-04-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="304409c3-c3ef-11e0-8aa5-485d60cb5385">
<topic>libXfont -- possible local privilege escalation</topic>
<affects>
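Review bot: the <lt> value for isc-dhcp41-server, "isc-dhcp41-server-4.1.e_2,2", carries the package name, unlike the bare version "3.1.ESV_1,1" given for isc-dhcp31-server just above it. A range is compared against the package version, so this should read <lt>4.1.e_2,2</lt>, or the entry will not match as intended. The dates also need a second look: <discovery>2011-11-10</discovery> is later than <entry>2011-04-11</entry>, and neither agrees with the 11 Aug 2011 timestamp on this diff. Please check both against the advisory date and the day the entry is committed.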
Index: net/isc-dhcp31-server/Makefile
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp31-server/Makefile,v
retrieving revision 1.134
diff -u -r1.134 Makefile
--- net/isc-dhcp31-server/Makefile 10 Jul 2011 03:24:46 -0000 1.134
+++ net/isc-dhcp31-server/Makefile 11 Aug 2011 18:37:21 -0000
@@ -15,12 +15,12 @@
MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.1-history
PKGNAMEPREFIX= isc-
PKGNAMESUFFIX= 31-${SUBSYS}
-DISTNAME= ${PORTNAME}-3.1-ESV
+DISTNAME= ${PORTNAME}-3.1-ESV-R3
MAINTAINER= jpaetzel at FreeBSD.org
COMMENT?= The ISC Dynamic Host Configuration Protocol server
-PORTREVISION_SERVER= 0
+PORTREVISION_SERVER= 1
PORTREVISION_CLIENT= 0
PORTREVISION_RELAY= 0
PORTREVISION_DEVEL= 0
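Review bot: only PORTREVISION_SERVER is bumped, while the DISTNAME change to -R3 applies to every ${SUBSYS} built from this Makefile. PORTREVISION_CLIENT, PORTREVISION_RELAY and PORTREVISION_DEVEL stay at 0, so those packages would be built from the new source under an unchanged version and installed copies would not be flagged for upgrade. If that is intended because the fix is server-only, say so in the commit message; otherwise bump them too.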
Index: net/isc-dhcp31-server/distinfo
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp31-server/distinfo,v
retrieving revision 1.64
diff -u -r1.64 distinfo
--- net/isc-dhcp31-server/distinfo 20 Mar 2011 12:51:32 -0000 1.64
+++ net/isc-dhcp31-server/distinfo 11 Aug 2011 18:32:26 -0000
@@ -1,2 +1,2 @@
-SHA256 (dhcp-3.1-ESV.tar.gz) = e316b7dc34f05e38724273a473f823719281f229a71a80bc358f8e74687fd7d7
-SIZE (dhcp-3.1-ESV.tar.gz) = 797454
+SHA256 (dhcp-3.1-ESV-R3.tar.gz) = fb86e124c1fe57d6d6376ceb3eb025320cce5b98002b614e1540fc21a88d6bc6
+SIZE (dhcp-3.1-ESV-R3.tar.gz) = 799075
Index: net/isc-dhcp41-server/Makefile
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp41-server/Makefile,v
retrieving revision 1.24
diff -u -r1.24 Makefile
--- net/isc-dhcp41-server/Makefile 10 Jul 2011 03:24:46 -0000 1.24
+++ net/isc-dhcp41-server/Makefile 11 Aug 2011 18:31:53 -0000
@@ -21,8 +21,8 @@
LICENSE= ISCL
-PATCHLEVEL= R2
-PORTREVISION_SERVER= 1
+PATCHLEVEL= R3
+PORTREVISION_SERVER= 2
PORTREVISION_CLIENT= 0
PORTREVISION_RELAY= 2
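Review bot: PATCHLEVEL moves to R3 but PORTREVISION_CLIENT stays at 0 and PORTREVISION_RELAY stays at 2, so the client and relay packages pick up the R3 source without a version change. Please confirm that is deliberate. Note too that the vuxml entry in this patch marks versions below 4.1.e_2,2 as affected, which relies on PORTREVISION_SERVER= 2 here, so the two changes need to be committed together.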
Index: net/isc-dhcp41-server/distinfo
===================================================================
RCS file: /ncvs/ports/net/isc-dhcp41-server/distinfo,v
retrieving revision 1.6
diff -u -r1.6 distinfo
--- net/isc-dhcp41-server/distinfo 10 Apr 2011 21:40:52 -0000 1.6
+++ net/isc-dhcp41-server/distinfo 11 Aug 2011 18:31:38 -0000
@@ -1,4 +1,2 @@
-SHA256 (dhcp-4.1-ESV-R2.tar.gz) = 49fa6f00ceee536e1e66698cc416279d333f833e41d545185a5b8684638cff03
-SIZE (dhcp-4.1-ESV-R2.tar.gz) = 1094285
-SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d
-SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004
+SHA256 (dhcp-4.1-ESV-R3.tar.gz) = 0bed3380e1daf6f17e3524d5ef282c8f0d2ca1f455479463bf15f0d44b76c615
+SIZE (dhcp-4.1-ESV-R3.tar.gz) = 1103284
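Review bot: the SHA256 and SIZE lines for ldap-for-dhcp-4.1.1-2.tar.gz are dropped from distinfo, but the Makefile diff for this port removes nothing that would fetch that file. If the port still lists it (for example under an LDAP option), the checksum step will fail for anyone who enables it. Either regenerate distinfo with that option enabled so both files are recorded, or remove the LDAP patch from the Makefile in the same change and mention it in the commit message.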
>Release-Note:
>Audit-Trail:
>Unformatted: