Medium: dhcp

2014-09-14T16:49:00
ID ALAS-2012-115
Type amazon
Reporter Amazon
Modified 2014-09-14T16:49:00

Description

Issue Overview:

A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571 __)

Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests. (CVE-2012-3954 __)

Affected Packages:

dhcp

Issue Correction:
Run yum update dhcp to update your system.

New Packages:

i686:  
    dhcp-4.1.1-31.P1.17.amzn1.i686  
    dhcp-devel-4.1.1-31.P1.17.amzn1.i686  
    dhcp-debuginfo-4.1.1-31.P1.17.amzn1.i686  
    dhclient-4.1.1-31.P1.17.amzn1.i686  
    dhcp-common-4.1.1-31.P1.17.amzn1.i686

src:  
    dhcp-4.1.1-31.P1.17.amzn1.src

x86_64:  
    dhcp-common-4.1.1-31.P1.17.amzn1.x86_64  
    dhclient-4.1.1-31.P1.17.amzn1.x86_64  
    dhcp-devel-4.1.1-31.P1.17.amzn1.x86_64  
    dhcp-debuginfo-4.1.1-31.P1.17.amzn1.x86_64  
    dhcp-4.1.1-31.P1.17.amzn1.x86_64