Skip to navigation

Security Advisory Moderate: dhcp security update

Advisory: RHSA-2012:1140-1
Type: Security Advisory
Severity: Moderate
Issued on: 2012-08-03
Last updated on: 2012-08-03
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2012-3571

Details

Updated dhcp packages that fix one security issue are now available for
Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows
individual devices on an IP network to get their own network configuration
information, including an IP address, a subnet mask, and a broadcast
address.

A denial of service flaw was found in the way the dhcpd daemon handled
zero-length client identifiers. A remote attacker could use this flaw to
send a specially-crafted request to dhcpd, possibly causing it to enter an
infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)

Upstream acknowledges Markus Hietava of the Codenomicon CROSS project as
the original reporter of this issue.

Users of DHCP should upgrade to these updated packages, which contain a
backported patch to correct this issue. After installing this update, all
DHCP servers will be restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
dhcp-3.0.5-31.el5_8.1.src.rpm
File outdated by:  RHBA-2013:0183
    MD5: bd5ed394c23195fd28ce100f3229b5ed
SHA-256: ec2598dbd44008207a59d872495a4c3c10b61c91afab531fafa90b09d1e0720d
 
IA-32:
dhcp-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 4f14344e518db7bef886bda08fe9189a
SHA-256: 2e989cfcebac3b73ff7d9443495caf7534d1084feaa3dabf86062d9ab2980df4
dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 620af65da1f984b96530e38bfdd61033
SHA-256: 11df4349866bf1b81b758eacaac0cea1eea5f78fa276c8ae1477a8d455ccbef4
dhcp-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 7d9e9d86b4e1afb2add8a2b502ef9436
SHA-256: 6e0230823326696271387d15c857b48448bdecb97af85e2a226483a851bce17e
libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: a1c64b531966b96d6c8b42407dd9bf96
SHA-256: 7a6fc552f4499a1826b4b93efc9fcdd7471102bacaa176c4d8a81dd52a380d3e
 
x86_64:
dhcp-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 81aaba5aaa72af98c54d16071333455b
SHA-256: 58236f613ff18ff0c194cda4d4085b3a42f1ef4ef83783a83730002a504186cc
dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 620af65da1f984b96530e38bfdd61033
SHA-256: 11df4349866bf1b81b758eacaac0cea1eea5f78fa276c8ae1477a8d455ccbef4
dhcp-debuginfo-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 5d91599d2c69433c0a3c8b02d4938ab6
SHA-256: 70f21bd8e439d9f65ee5d8552be4b3ae77cf1ca5b41e652bdbaf6527c8c3fc5d
dhcp-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 7d9e9d86b4e1afb2add8a2b502ef9436
SHA-256: 6e0230823326696271387d15c857b48448bdecb97af85e2a226483a851bce17e
dhcp-devel-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 28c20667dd96457c7fb48d6de01ae243
SHA-256: ca556de4ccaf8ea2c48d625ae670f51c50508b077b0714180ff0e868b1376a8d
libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: a1c64b531966b96d6c8b42407dd9bf96
SHA-256: 7a6fc552f4499a1826b4b93efc9fcdd7471102bacaa176c4d8a81dd52a380d3e
libdhcp4client-devel-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 0537662b10ebc011209176c99c0ae9b9
SHA-256: 5039740c1e2f24af75cf554e456ffdc263f1c6ada33dc79f9379db50a90fb24d
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
dhcp-3.0.5-31.el5_8.1.src.rpm
File outdated by:  RHBA-2013:0183
    MD5: bd5ed394c23195fd28ce100f3229b5ed
SHA-256: ec2598dbd44008207a59d872495a4c3c10b61c91afab531fafa90b09d1e0720d
 
IA-32:
dhclient-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: e4a7ad89b3de64383fbaf7cc7a5acf85
SHA-256: 31d1f2af6df3279b62a8df30c2a30bfff2c4349b2f6b74b29be777f1102bb6e8
dhcp-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 4f14344e518db7bef886bda08fe9189a
SHA-256: 2e989cfcebac3b73ff7d9443495caf7534d1084feaa3dabf86062d9ab2980df4
dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 620af65da1f984b96530e38bfdd61033
SHA-256: 11df4349866bf1b81b758eacaac0cea1eea5f78fa276c8ae1477a8d455ccbef4
dhcp-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 7d9e9d86b4e1afb2add8a2b502ef9436
SHA-256: 6e0230823326696271387d15c857b48448bdecb97af85e2a226483a851bce17e
libdhcp4client-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 86e9accbf8fc3c70f35516026c882655
SHA-256: 7030c0687300fb792d93b4b5cbe232d5d79b0abc7f5113fe332b3d232da937e3
libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: a1c64b531966b96d6c8b42407dd9bf96
SHA-256: 7a6fc552f4499a1826b4b93efc9fcdd7471102bacaa176c4d8a81dd52a380d3e
 
IA-64:
dhclient-3.0.5-31.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0183
    MD5: c7954a1e59b5224d276c99c564410a87
SHA-256: de0245266980f09a078982ec2a0514721e9d841c77c7252241752cfe75dcb203
dhcp-3.0.5-31.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0183
    MD5: bbc5ad16d691168290bfa3c476f54391
SHA-256: a2d4cc3326b0867a87877685199e3770fa1c17f395958603017f25fd4f6ae6d8
dhcp-debuginfo-3.0.5-31.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0183
    MD5: c946933fb2175ec96dd4c030b95fa7dd
SHA-256: 5783441774ef04306eb4b1043e90358ac04c85d8b078d7b0651ff4bf1fda98f0
dhcp-devel-3.0.5-31.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 01bec995dbf33850a111539cbd88bc45
SHA-256: baba1b84ced7a56797970791b412f3e8bfaba781fbcf97193a08bd82e6133187
libdhcp4client-3.0.5-31.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 10ba09765396f478c2f77a4c6f559edb
SHA-256: 4f6ad2f71aa50b1349d661c5859e49f2593ea64b002d120b2ffb91c5d41c4c8b
libdhcp4client-devel-3.0.5-31.el5_8.1.ia64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 1eac9e5d21f5f6632ce24b945aeb0c37
SHA-256: 82640d26fe14050893922e6e591a8d05cb15becc554e26423ad747d2dc41eb86
 
PPC:
dhclient-3.0.5-31.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0183
    MD5: c67f0d733419668637afd68a0e69497a
SHA-256: 0c7e3d0802fbacee84e37c56198fc049f82756df5a8e4c76f5afcf5bdcb176cc
dhcp-3.0.5-31.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0183
    MD5: 427cffe5e3600e7a085c3b5e053ee033
SHA-256: 7f73767fd272bd129aadd8be03428757edcb0359042fc605dc4e919c53689354
dhcp-debuginfo-3.0.5-31.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0183
    MD5: a1ee3bd6bf5933cbe4e205999fe367e8
SHA-256: fd7be3fbd749c61767fcc6211fc5cc12a50f1be9dc1daa7c44d40affcf86f492
dhcp-debuginfo-3.0.5-31.el5_8.1.ppc64.rpm
File outdated by:  RHBA-2013:0183
    MD5: d22e6707ed4aad8eb634a80dd41c4458
SHA-256: 370a10d95d0b2627f1139c747b7570230e766c76fe00d4e62031905089396757
dhcp-devel-3.0.5-31.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0183
    MD5: 67bc3d7d2a696a637a33d845c562a2df
SHA-256: 6e32d11e5fe1981eec979dce96663add680f998fc2e6dfa69389e5361354ae9d
dhcp-devel-3.0.5-31.el5_8.1.ppc64.rpm
File outdated by:  RHBA-2013:0183
    MD5: a557370635b837643dac7bf07280fc36
SHA-256: 4b213dcffbb6c0e1cc0bbff44b92760f45e718338266eaa2a6e07e6df31744e9
libdhcp4client-3.0.5-31.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0183
    MD5: e23d2d8af0d787e3e9efdd7588522264
SHA-256: dc9bb51f64ca0650d6bdee41c74b3cbd4ff4e5aef65395f9e7b72b117eec8898
libdhcp4client-3.0.5-31.el5_8.1.ppc64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 39c7805148278e08122aae91d67a6ae2
SHA-256: b780ca6ad30c3b9c421b61cc09245f9bd717051c7c2cf13fc390ac0ceb965f11
libdhcp4client-devel-3.0.5-31.el5_8.1.ppc.rpm
File outdated by:  RHBA-2013:0183
    MD5: e056ab94a01456c82c8270dee60c61a9
SHA-256: c3f7a765600098099981aa7715bf80305e233ca943f89df0a308061ceedfbcba
libdhcp4client-devel-3.0.5-31.el5_8.1.ppc64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 4a1385d7829033769d735b9b1aa124b6
SHA-256: 748918489edeea76626359dc7e783edd0132cc46d2674ad964eb00868164be54
 
s390x:
dhclient-3.0.5-31.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0183
    MD5: d9531bc428c6726d2f547949050bf631
SHA-256: e6472b006cb4f989ddef6a9c82704c7514b65dc1980ff540aa1a2d4521de0878
dhcp-3.0.5-31.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0183
    MD5: a8b151b8d829464b10d711fee5305c1e
SHA-256: 06e25667909ece648da22b0d889c776d83fa33af169499c947572009208fb97b
dhcp-debuginfo-3.0.5-31.el5_8.1.s390.rpm
File outdated by:  RHBA-2013:0183
    MD5: 480c6aef68702de53374e0080a6ca20d
SHA-256: 61f1c7cd0316a54d7b50e9048329f85b9e42e498a0a68322a1e73e31f8b4b2cb
dhcp-debuginfo-3.0.5-31.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0183
    MD5: 78b654432b232b3cf0e8cfefe48b58f0
SHA-256: 0312a68998cf1f468a6577faba19a91581decba8c89f88cc5015274e92eb94cf
dhcp-devel-3.0.5-31.el5_8.1.s390.rpm
File outdated by:  RHBA-2013:0183
    MD5: d8d51278dd35f3c4de9de7da025efa66
SHA-256: 5d71cc60674e6cbbd954f5cbf66bad98ca176d31461f4e74ac89558e3b4e573e
dhcp-devel-3.0.5-31.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0183
    MD5: 92d77ce9c5da508ae5d7f95a497f5675
SHA-256: c0cddcadbce51aacdb86d605b171ec43afdf6a50c9bea1ab52740771317523ff
libdhcp4client-3.0.5-31.el5_8.1.s390.rpm
File outdated by:  RHBA-2013:0183
    MD5: 9cc1556cce854f0c2e3cd2eb80943bed
SHA-256: 285f02e6568502792dfec6b97962f60ea0b90605d3e60d4f8feb34bf4db2e37d
libdhcp4client-3.0.5-31.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0183
    MD5: b855d067c37512b7429c94d4e6a43599
SHA-256: 049408b0c6adf205ad2b3174cf1f4c6e828b3e72986c53fde89972fc9ddcd3e9
libdhcp4client-devel-3.0.5-31.el5_8.1.s390.rpm
File outdated by:  RHBA-2013:0183
    MD5: 43f5cf0d6d91e5cfa7a17dc35bb2b960
SHA-256: 0a971376a2ced29b74919913126d772b1925b8d810addfb81b96e3475a76b4de
libdhcp4client-devel-3.0.5-31.el5_8.1.s390x.rpm
File outdated by:  RHBA-2013:0183
    MD5: 132780fa36b0a8079d0117ad1a694319
SHA-256: d27b1b50a83c3afb1ff510c7d07cb87cbb59b5970df674e6bac38e41f2a3afe6
 
x86_64:
dhclient-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 2a31eb03d5cf84cd40b32283cdd8ec84
SHA-256: eca8beb1500d0a3100a452f73eb9c9e5bdfbabb6cd1fd00fc83d1e59893346c9
dhcp-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 81aaba5aaa72af98c54d16071333455b
SHA-256: 58236f613ff18ff0c194cda4d4085b3a42f1ef4ef83783a83730002a504186cc
dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 620af65da1f984b96530e38bfdd61033
SHA-256: 11df4349866bf1b81b758eacaac0cea1eea5f78fa276c8ae1477a8d455ccbef4
dhcp-debuginfo-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 5d91599d2c69433c0a3c8b02d4938ab6
SHA-256: 70f21bd8e439d9f65ee5d8552be4b3ae77cf1ca5b41e652bdbaf6527c8c3fc5d
dhcp-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 7d9e9d86b4e1afb2add8a2b502ef9436
SHA-256: 6e0230823326696271387d15c857b48448bdecb97af85e2a226483a851bce17e
dhcp-devel-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 28c20667dd96457c7fb48d6de01ae243
SHA-256: ca556de4ccaf8ea2c48d625ae670f51c50508b077b0714180ff0e868b1376a8d
libdhcp4client-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 86e9accbf8fc3c70f35516026c882655
SHA-256: 7030c0687300fb792d93b4b5cbe232d5d79b0abc7f5113fe332b3d232da937e3
libdhcp4client-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: b2e2fbd4b3ff5097ab71b3f8488184e3
SHA-256: 4ac9502fe11987b423e7e03d96b594d9310268ff779dd76a864281f5da14e629
libdhcp4client-devel-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: a1c64b531966b96d6c8b42407dd9bf96
SHA-256: 7a6fc552f4499a1826b4b93efc9fcdd7471102bacaa176c4d8a81dd52a380d3e
libdhcp4client-devel-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 0537662b10ebc011209176c99c0ae9b9
SHA-256: 5039740c1e2f24af75cf554e456ffdc263f1c6ada33dc79f9379db50a90fb24d
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
dhcp-3.0.5-31.el5_8.1.src.rpm
File outdated by:  RHBA-2013:0183
    MD5: bd5ed394c23195fd28ce100f3229b5ed
SHA-256: ec2598dbd44008207a59d872495a4c3c10b61c91afab531fafa90b09d1e0720d
 
IA-32:
dhclient-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: e4a7ad89b3de64383fbaf7cc7a5acf85
SHA-256: 31d1f2af6df3279b62a8df30c2a30bfff2c4349b2f6b74b29be777f1102bb6e8
dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 620af65da1f984b96530e38bfdd61033
SHA-256: 11df4349866bf1b81b758eacaac0cea1eea5f78fa276c8ae1477a8d455ccbef4
libdhcp4client-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 86e9accbf8fc3c70f35516026c882655
SHA-256: 7030c0687300fb792d93b4b5cbe232d5d79b0abc7f5113fe332b3d232da937e3
 
x86_64:
dhclient-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 2a31eb03d5cf84cd40b32283cdd8ec84
SHA-256: eca8beb1500d0a3100a452f73eb9c9e5bdfbabb6cd1fd00fc83d1e59893346c9
dhcp-debuginfo-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 620af65da1f984b96530e38bfdd61033
SHA-256: 11df4349866bf1b81b758eacaac0cea1eea5f78fa276c8ae1477a8d455ccbef4
dhcp-debuginfo-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: 5d91599d2c69433c0a3c8b02d4938ab6
SHA-256: 70f21bd8e439d9f65ee5d8552be4b3ae77cf1ca5b41e652bdbaf6527c8c3fc5d
libdhcp4client-3.0.5-31.el5_8.1.i386.rpm
File outdated by:  RHBA-2013:0183
    MD5: 86e9accbf8fc3c70f35516026c882655
SHA-256: 7030c0687300fb792d93b4b5cbe232d5d79b0abc7f5113fe332b3d232da937e3
libdhcp4client-3.0.5-31.el5_8.1.x86_64.rpm
File outdated by:  RHBA-2013:0183
    MD5: b2e2fbd4b3ff5097ab71b3f8488184e3
SHA-256: 4ac9502fe11987b423e7e03d96b594d9310268ff779dd76a864281f5da14e629
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

842420 - CVE-2012-3571 dhcp: DoS due to error in handling malformed client identifiers


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/