Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1950
isc-dhcp security update
4 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: isc-dhcp
Publisher: Debian
Operating System: Debian GNU/Linux
Impact/Access: Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-25217
Reference: ESB-2021.1935
ESB-2021.1834
Original Bulletin:
http://www.debian.org/lts/security/2021/dla-2674
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2674-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
June 03, 2021 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------
Package : isc-dhcp
Version : 4.3.5-3+deb9u2
CVE ID : CVE-2021-25217
Debian Bug : 989157
Jon Franklin and Pawel Wieczorkiewicz found an issue in the ISC DHCP
client and server when parsing lease information, which could lead to
denial of service via application crash.
For Debian 9 stretch, this problem has been fixed in version
4.3.5-3+deb9u2.
We recommend that you upgrade your isc-dhcp packages.
For the detailed security status of isc-dhcp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/isc-dhcp
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmC4wCkACgkQnUbEiOQ2
gwLSAw/9EYyg7+uWNd5cL2IgBC2ODm3LmEjzEgbYngVg/pj9Pd72J8gzDFm/5J+M
9yXT8LQ2bt2VxG0GJ7TflSS+MuvTrM3yZGV1hqdEGS7Sdoka0bzzPTIvhwVDrboI
ujK40OrQFw3Zd3yoYU76Ax+bUQjuHZ1w47KgFD09rzS77rolZ5GKGaZw/n9gZhi1
E8m8ykKTKIwcZ1LEiSCVzqnicuHBJHrs+HfwSigRVZBSW8tM6s+4QyZcBd4DcWEv
waZj30FxHMlh1tr16GxpKud1N0ggLgbLM06QgYvLLJ2AAwj4P4VGaOP3q3BU4aGJ
n8eqv2cJluBd9JIUhTVQ2ahzK6Ftjk1angh75uh7kKUCwTbW8DZGxTnxfniWrrjL
29d7Le7ks6Xo8SJOyKdvPi5ocuN7PY/2qdZe+f1QulEHkXFU2ajNiUHkopM4QXvD
Ydk2TdGi6zRP16iRFd8lpaImb1dwGhqE7n4dKYYcE3BndJgAST5aYVvT0mO9HWVg
P1gXKAI3w3rUWObUlZqfb0UygJQfAjWBqsN6LUl2WV5HGaGDEKLDOUVKr77FMjaI
hYcXsOh2Mbxl98MH2loHM3AC0EShj96P28LryNw9y6UOlnFRrWGgYi9aTp9u4SLo
QGlqOQkKmpjE50kn1Fg/Kr4J6vxp1iGP+8P5geQJFU5s86o2DIM=
=ERkS
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYLmp2+NLKJtyKPYoAQgOGQ/9GPOATSDqYaujxtVlrVIlXLogAiM4YaEZ
Qptt4j203uayNPsyLFVfTeQfwHi6KgONQpt5Gkkj+VELcubasImM9YE1hTr4rbUm
6lIaqJ/kii5jmIQl8xAeQi3ah9/jfUiWuNDJRv6d/Dxr11GrcZxyDmufemTotvZQ
2MNHh810BS5IZsxFVHZSCmNDiFXf1GDF31K+vYgF+wal2KcLDYIhStTYK+y4HUED
LsijPH2IjYEVL9+zL98EY8t23I8bZLNv24ZJSjttOyWdlMj7AwBwvTXkfsqxHaZo
BoM82ldeK171xy/FH47czBo7bJ4W3Pm8FxldUunvK6iNvgf91kR6nUAkdqN6IuLi
fepruupRQ5hlajazDEd+pff5YogmAKGK2YjOD5t4/oSUd5MtnWVA+Anqk3Q8Da1Z
Lby1OdG0MoHli/lh+ISQC0pBK1pofwnFjp3fonM3D5B8wXAKRANDLBrM/CCbZL4s
xArCTZLMI8tnsxDqAiXCW+/CGYOKANq/PjQJFqDCxOFIUgJ5yDQvZwhmJNomIJW8
OenfxGqmMnhEKFBuhAmqoltSk5RYNiYYfRV06k+0ZQTQFZTOcHbSYAZjBHodsYcw
hH9JJRe0x1pdchiRtgvzr48JveNMuF9W9UwOVi4p0QyGTe9zakjX04wf7tyqoSkx
52QB4oDNvFY=
=OIl1
-----END PGP SIGNATURE-----