Skip to navigation

Security Advisory Low: dhcp security and bug fix update

Advisory: RHSA-2013:0504-2
Type: Security Advisory
Severity: Low
Issued on: 2013-02-21
Last updated on: 2013-02-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2012-3955

Details

Updated dhcp packages that fix one security issue and two bugs are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

The dhcp packages provide the Dynamic Host Configuration Protocol (DHCP)
that allows individual devices on an IP network to get their own network
configuration information, including an IP address, a subnet mask, and a
broadcast address.

A flaw was found in the way the dhcpd daemon handled the expiration time of
IPv6 leases. If dhcpd's configuration was changed to reduce the default
IPv6 lease time, lease renewal requests for previously assigned leases
could cause dhcpd to crash. (CVE-2012-3955)

This update also fixes the following bugs:

* Prior to this update, the DHCP server discovered only the first IP
address of a network interface if the network interface had more than one
configured IP address. As a consequence, the DHCP server failed to
restart if the server was configured to serve only a subnet of the
following IP addresses. This update modifies network interface addresses
discovery code to find all addresses of a network interface. The DHCP
server can also serve subnets of other addresses. (BZ#803540)

* Prior to this update, the dhclient rewrote the /etc/resolv.conf file
with backup data after it was stopped even when the PEERDNS flag was set
to "no" before shut down if the configuration file was changed while the
dhclient ran with PEERDNS=yes. This update removes the backing up and
restoring functions for this configuration file from the dhclient-script.
Now, the dhclient no longer rewrites the /etc/resolv.conf file when
stopped. (BZ#824622)

All users of DHCP are advised to upgrade to these updated packages, which
fix these issues. After installing this update, all DHCP servers will be
restarted automatically.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
dhcp-4.1.1-34.P1.el6.src.rpm
File outdated by:  RHBA-2013:1572
    MD5: d55009ffa41dc4315441dfa0eada02e7
SHA-256: 5a2d8d76b9afb9fecdd5c88f54d34bcc2f7f7ab76c35bc02e0791f2a43757b4d
 
IA-32:
dhclient-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 74fd6bc26576143f3c3052010a01529d
SHA-256: 218cec8003e1664f43f2a817c162aada3f7309ecf554814d84c45d50ad99d134
dhcp-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 226b976c0f6009862a7691fb058be6b1
SHA-256: 4ff119fcad59ab741241422bb7c0efff624bf828e2ab9d375bfc6923d2f3ff82
dhcp-common-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: fd9398d1c3a187e8ea5dc0138757674c
SHA-256: 444ee887ec50c24310058847da494a2721fadbe36503eea8c57cf0dfa25370d4
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
 
x86_64:
dhclient-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 510932e3a2d97266de4c242b3a82cf62
SHA-256: c4ba68c7f52b501a1ab85d5a76e79fb86c60d64dd4b8fd3dd5614ce0eaeecfe9
dhcp-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: bc33be1779ce6a7e3bcca2763263d925
SHA-256: 49719ae84ce5a110027aa2a57f085a916351f1f4cb998a401dad05be1494311a
dhcp-common-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: a405d482b1cfe33ab5eb832a4c093c5f
SHA-256: f329697415b5e2836f5254970fc598262d46c4a6c388be0ab4769e09fc4f86ad
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 15281a0081e5ba0ebcc1566b85172468
SHA-256: e7d7b3f9441fed520998b86090cd13065eeca89e5547f1bf33d97a47d56af528
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 24d083d393d9ec8b78f4396d1475c4cd
SHA-256: fd6270e7b3011a8ff3ce9363b84600a2191674fa47c0c4812ba8fa1112ab8871
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
dhcp-4.1.1-34.P1.el6.src.rpm
File outdated by:  RHBA-2013:1572
    MD5: d55009ffa41dc4315441dfa0eada02e7
SHA-256: 5a2d8d76b9afb9fecdd5c88f54d34bcc2f7f7ab76c35bc02e0791f2a43757b4d
 
x86_64:
dhclient-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 510932e3a2d97266de4c242b3a82cf62
SHA-256: c4ba68c7f52b501a1ab85d5a76e79fb86c60d64dd4b8fd3dd5614ce0eaeecfe9
dhcp-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: bc33be1779ce6a7e3bcca2763263d925
SHA-256: 49719ae84ce5a110027aa2a57f085a916351f1f4cb998a401dad05be1494311a
dhcp-common-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: a405d482b1cfe33ab5eb832a4c093c5f
SHA-256: f329697415b5e2836f5254970fc598262d46c4a6c388be0ab4769e09fc4f86ad
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 15281a0081e5ba0ebcc1566b85172468
SHA-256: e7d7b3f9441fed520998b86090cd13065eeca89e5547f1bf33d97a47d56af528
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 24d083d393d9ec8b78f4396d1475c4cd
SHA-256: fd6270e7b3011a8ff3ce9363b84600a2191674fa47c0c4812ba8fa1112ab8871
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
dhcp-4.1.1-34.P1.el6.src.rpm
File outdated by:  RHBA-2013:1572
    MD5: d55009ffa41dc4315441dfa0eada02e7
SHA-256: 5a2d8d76b9afb9fecdd5c88f54d34bcc2f7f7ab76c35bc02e0791f2a43757b4d
 
IA-32:
dhclient-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 74fd6bc26576143f3c3052010a01529d
SHA-256: 218cec8003e1664f43f2a817c162aada3f7309ecf554814d84c45d50ad99d134
dhcp-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 226b976c0f6009862a7691fb058be6b1
SHA-256: 4ff119fcad59ab741241422bb7c0efff624bf828e2ab9d375bfc6923d2f3ff82
dhcp-common-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: fd9398d1c3a187e8ea5dc0138757674c
SHA-256: 444ee887ec50c24310058847da494a2721fadbe36503eea8c57cf0dfa25370d4
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
 
PPC:
dhclient-4.1.1-34.P1.el6.ppc64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 643f453ca75a927afc02ab3d46a779f1
SHA-256: b772a28848ae69ccee1dac701f3f4d35eb43c8dd0784fe8332bab13a408e4691
dhcp-4.1.1-34.P1.el6.ppc64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 0d0e822b8beefee0297d240befcd3279
SHA-256: d09f033e1ad8f548bdb045632ce322089fda3f146576628c63253d5af7dabb2f
dhcp-common-4.1.1-34.P1.el6.ppc64.rpm
File outdated by:  RHBA-2013:1572
    MD5: e826daa17981ec7bb3f5d0339a320f83
SHA-256: c5e16e049ed2b2778d13444d721e3b3e8af6836652126bfb5950e9d7e3d925b5
dhcp-debuginfo-4.1.1-34.P1.el6.ppc.rpm
File outdated by:  RHBA-2013:1572
    MD5: f8d973776c40fce955801c3963cf09e8
SHA-256: 419bf4ce7715995d9425dbbd80fa29bf5e1c81dc3efacd364541f0e0dd5ca000
dhcp-debuginfo-4.1.1-34.P1.el6.ppc64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 306aaf497d70e40dff6ffa2dbfadae4e
SHA-256: 95852a11030daaf73e1ec3d59915921a589f231357a938d5695985d744eb9fa8
dhcp-devel-4.1.1-34.P1.el6.ppc.rpm
File outdated by:  RHBA-2013:1572
    MD5: 526f75f8785861d46a280d0375fc2d5f
SHA-256: 15f5b246a009ff3b36ca290549b7561915cbb6bda5cb664e6b3d36a79ae522ad
dhcp-devel-4.1.1-34.P1.el6.ppc64.rpm
File outdated by:  RHBA-2013:1572
    MD5: fd05732a092c7b5c46f77e3dc52f7b7c
SHA-256: 38363980fc4a0d88ab08e5ec84165fa6744b2dd8574954296a7589f0cc800fae
 
s390x:
dhclient-4.1.1-34.P1.el6.s390x.rpm
File outdated by:  RHBA-2013:1572
    MD5: 2f92a38a65b3f2346694b7f9a14c32c5
SHA-256: 77043b8834e08e75904b14020d923f3016e18f38d114d8f4671bad1e2f1037d0
dhcp-4.1.1-34.P1.el6.s390x.rpm
File outdated by:  RHBA-2013:1572
    MD5: 0d77927e51cd4354eb6ef2cf62127355
SHA-256: 38a5ee1aba78fb3e503ca2534004a4b5e9036f7ada4e1de1d85761597a764637
dhcp-common-4.1.1-34.P1.el6.s390x.rpm
File outdated by:  RHBA-2013:1572
    MD5: 04314aef9f2544662f426d5dc2873281
SHA-256: 761b2d70ca2b305c756502c7e795b0eb657575cb00dc841afa43792d65837ad5
dhcp-debuginfo-4.1.1-34.P1.el6.s390.rpm
File outdated by:  RHBA-2013:1572
    MD5: 97356ea21b346a9b30de690e1dcfdbc3
SHA-256: 5158052c1456ba15b94b729bc2ef00f97ddb90f55e435bf91645195ca6dd8680
dhcp-debuginfo-4.1.1-34.P1.el6.s390x.rpm
File outdated by:  RHBA-2013:1572
    MD5: 2102eeed122b2733459767b3e63a0ef9
SHA-256: 9247afded003ef071ef4818a76596e638e31cc96e48d4f598cbc9f0c04e54880
dhcp-devel-4.1.1-34.P1.el6.s390.rpm
File outdated by:  RHBA-2013:1572
    MD5: 43886b42007170d83b8728a4097c6c76
SHA-256: 5c486e0ee0ea5a48b7fa860152f8f50749dc3bb2cfa2484c5df890cfdbf6eeb6
dhcp-devel-4.1.1-34.P1.el6.s390x.rpm
File outdated by:  RHBA-2013:1572
    MD5: aa42048b6b8f2f86cc788bf635cd121f
SHA-256: 5686e24ec9b79282030a1caa30591820bb3b93e55b8cbe314c07e54983b527f7
 
x86_64:
dhclient-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 510932e3a2d97266de4c242b3a82cf62
SHA-256: c4ba68c7f52b501a1ab85d5a76e79fb86c60d64dd4b8fd3dd5614ce0eaeecfe9
dhcp-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: bc33be1779ce6a7e3bcca2763263d925
SHA-256: 49719ae84ce5a110027aa2a57f085a916351f1f4cb998a401dad05be1494311a
dhcp-common-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: a405d482b1cfe33ab5eb832a4c093c5f
SHA-256: f329697415b5e2836f5254970fc598262d46c4a6c388be0ab4769e09fc4f86ad
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 15281a0081e5ba0ebcc1566b85172468
SHA-256: e7d7b3f9441fed520998b86090cd13065eeca89e5547f1bf33d97a47d56af528
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 24d083d393d9ec8b78f4396d1475c4cd
SHA-256: fd6270e7b3011a8ff3ce9363b84600a2191674fa47c0c4812ba8fa1112ab8871
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
dhcp-4.1.1-34.P1.el6.src.rpm
File outdated by:  RHBA-2013:1572
    MD5: d55009ffa41dc4315441dfa0eada02e7
SHA-256: 5a2d8d76b9afb9fecdd5c88f54d34bcc2f7f7ab76c35bc02e0791f2a43757b4d
 
IA-32:
dhclient-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 74fd6bc26576143f3c3052010a01529d
SHA-256: 218cec8003e1664f43f2a817c162aada3f7309ecf554814d84c45d50ad99d134
dhcp-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 226b976c0f6009862a7691fb058be6b1
SHA-256: 4ff119fcad59ab741241422bb7c0efff624bf828e2ab9d375bfc6923d2f3ff82
dhcp-common-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: fd9398d1c3a187e8ea5dc0138757674c
SHA-256: 444ee887ec50c24310058847da494a2721fadbe36503eea8c57cf0dfa25370d4
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
 
x86_64:
dhclient-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 510932e3a2d97266de4c242b3a82cf62
SHA-256: c4ba68c7f52b501a1ab85d5a76e79fb86c60d64dd4b8fd3dd5614ce0eaeecfe9
dhcp-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: bc33be1779ce6a7e3bcca2763263d925
SHA-256: 49719ae84ce5a110027aa2a57f085a916351f1f4cb998a401dad05be1494311a
dhcp-common-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: a405d482b1cfe33ab5eb832a4c093c5f
SHA-256: f329697415b5e2836f5254970fc598262d46c4a6c388be0ab4769e09fc4f86ad
dhcp-debuginfo-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: e95bbb26ce46be7a8144d014333ea527
SHA-256: d7d17d5f3a5f48a8f98e0c438a472c2735656a88d7ee5f5d13b1f902db64d591
dhcp-debuginfo-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 15281a0081e5ba0ebcc1566b85172468
SHA-256: e7d7b3f9441fed520998b86090cd13065eeca89e5547f1bf33d97a47d56af528
dhcp-devel-4.1.1-34.P1.el6.i686.rpm
File outdated by:  RHBA-2013:1572
    MD5: 51c690b1b8fb320932627d8f5a296e5d
SHA-256: 48382277b47b004eb5523f71b8bb3b83b766becb0bc19bfd179dc433d6fa8447
dhcp-devel-4.1.1-34.P1.el6.x86_64.rpm
File outdated by:  RHBA-2013:1572
    MD5: 24d083d393d9ec8b78f4396d1475c4cd
SHA-256: fd6270e7b3011a8ff3ce9363b84600a2191674fa47c0c4812ba8fa1112ab8871
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

803540 - DHCP server fails to start if the subnet is not the primary subnet for a device
824622 - dhclient-script should honor PEERDNS on quit
856766 - CVE-2012-3955 dhcp: reduced expiration time of an IPv6 lease may cause dhcpd to crash


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/