SUSE-SU-2012:1002-1: moderate: Security update for dhcp

sle-updates at lists.suse.com sle-updates at lists.suse.com
Fri Aug 17 12:08:36 MDT 2012 

   SUSE Security Update: Security update for dhcp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:1002-1
Rating:             moderate
References:         #762108 #767661 #770236 #772924 
Cross-References:   CVE-2012-3570 CVE-2012-3571 CVE-2012-3954
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11 SP2
                    SUSE Linux Enterprise Server 11 SP2 for VMware
                    SUSE Linux Enterprise Server 11 SP2
                    SUSE Linux Enterprise Desktop 11 SP2
______________________________________________________________________________

   An update that solves three vulnerabilities and has one
   errata is now available. It includes one version update.

Description:


   This update provides dhcp 4.2.4-p1, which fixes the dhcpv6
   server crashing  while accessing the lease on heap and
   provides the following additional  fixes:

   *

   Security fixes:

   o Previously the server code was relaxed to allow
   packets with zero length client ids to be processed. Under
   some situations use of zero length client ids can cause the
   server to go into an infinite loop. As such ids are not
   valid according to RFC 2132 section 9.14 the server no
   longer accepts them. Client ids with a length of 1 are also
   invalid but the server still accepts them in order to
   minimize disruption. The restriction will likely be
   tightened in the future to disallow ids with a length of 1.
   (ISC-Bugs #29851, CVE-2012-3571
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3571
   >  ) o When attempting to convert a DUID from a client id
   option into a hardware address handle unexpected client ids
   properly. (ISC-Bugs #29852, CVE-2012-3570
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3570
   >  ) o A pair of memory leaks were found and fixed.
   (ISC-Bugs #30024, CVE-2012-3954
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3954
   >  )
   *

   Further upstream fixes:

   o Moved lease file check to a separate action so
   it is not used in restart -- it can fail when the daemon
   rewrites the lease causing a restart failure then. o
   Request dhcp6.sntp-servers in /etc/dhclient6.conf and
   forward to netconfig for processing. o Rotate the lease
   file when running in v6 mode. (ISC-Bugs #24887) o Fixed the
   code that checks if an address the server is planning to
   hand out is in a reserved range. This would appear as the
   server being out of addresses in pools with particular
   ranges. (ISC-Bugs #26498) o In the DDNS code handle error
   conditions more gracefully and add more logging code. The
   major change is to handle unexpected cancel events from the
   DNS client code. (ISC-Bugs #26287) o Tidy up the receive
   calls and eliminate the need for found_pkt. (ISC-Bugs
   #25066) o Add support for Infiniband over sockets to the
   server and relay code. o Modify the code that determines if
   an outstanding DDNS request should be cancelled. This patch
   results in cancelling the outstanding request less often.
   It fixes the problem caused by a client doing a release
   where the TXT and PTR records weren't removed from the DNS.
   (ISC-BUGS #27858) o Remove outdated note in the description
   of the bootp keyword about the option not satisfying the
   requirement of failover peers for denying dynamic bootp
   clients. (ISC-bugs #28574) o Multiple items to clean up
   IPv6 address processing. When processing an IA that we've
   seen check to see if the addresses are usable (not in use
   by somebody else) before handing it out. When reading in
   leases from the file discard expired addresses. When
   picking an address for a client include the IA ID in
   addition to the client ID to generally pick different
   addresses for different IAs. (ISC-Bugs #23138, #27945,
   #25586, #27684) o Remove unnecessary checks in the lease
   query code and clean up several compiler issues (some
   dereferences of NULL and treating an int as a boolean).
   (ISC-Bugs #26203) o Fix the NA and PD allocation code to
   handle the case where a client provides a preference and
   the server doesn't have any addresses or prefixes
   available. Previoulsy the server ignored the request with
   this patch it replies with a NoAddrsAvail or NoPrefixAvail
   response. By default the code performs according to the
   errata of August 2010 for RFC 3315 section 17.2.2; to
   enable the previous style see the section on
   RFC3315_PRE_ERRATA_2010_08 in includes/site.h. o Fix up
   some issues found by static analysis. A potential memory
   leak and NULL dereference in omapi. The use of a boolean
   test instead of a bitwise test in dst. (ISC-Bugs #28941)

   In addition, the dhcp-server init script now checks the
   syntax prior  restarting the daemon to avoid stopping of
   the daemon when a start would  fail.


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11 SP2:

      zypper in -t patch sdksp2-dhcp-6606

   - SUSE Linux Enterprise Server 11 SP2 for VMware:

      zypper in -t patch slessp2-dhcp-6606

   - SUSE Linux Enterprise Server 11 SP2:

      zypper in -t patch slessp2-dhcp-6606

   - SUSE Linux Enterprise Desktop 11 SP2:

      zypper in -t patch sledsp2-dhcp-6606

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.2.4.P1]:

      dhcp-devel-4.2.4.P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64) [New Version: 4.2.4.P1]:

      dhcp-4.2.4.P1-0.5.1
      dhcp-client-4.2.4.P1-0.5.1
      dhcp-relay-4.2.4.P1-0.5.1
      dhcp-server-4.2.4.P1-0.5.1

   - SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 4.2.4.P1]:

      dhcp-4.2.4.P1-0.5.1
      dhcp-client-4.2.4.P1-0.5.1
      dhcp-relay-4.2.4.P1-0.5.1
      dhcp-server-4.2.4.P1-0.5.1

   - SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64) [New Version: 4.2.4.P1]:

      dhcp-4.2.4.P1-0.5.1
      dhcp-client-4.2.4.P1-0.5.1


References:

   http://support.novell.com/security/cve/CVE-2012-3570.html
   http://support.novell.com/security/cve/CVE-2012-3571.html
   http://support.novell.com/security/cve/CVE-2012-3954.html
   https://bugzilla.novell.com/762108
   https://bugzilla.novell.com/767661
   https://bugzilla.novell.com/770236
   https://bugzilla.novell.com/772924
   http://download.novell.com/patch/finder/?keywords=be5649bf71f404d2c7566610f48e0de9

More information about the sle-updates mailing list