Date: Wed, 28 Feb 2018 15:29:55 -0500
From: Michael McNally <mcnally@....org>
To: oss-security@...ts.openwall.com, isc-os-security@...ts.isc.org
Cc: "security-officer@....org" <security-officer@....org>
Subject: Multiple CVEs announced by ISC (ISC DHCP: CVE-2018-5732 & CVE-2018-5733, BIND CVE-2018-5734)

Today ISC publicly disclosed three CVEs, two in ISC DHCP and a third
in BIND Supported Preview Edition [which is a customer-only non-public
version of BIND, but since the disclosure is public we wish to be clear
about it here so as not to confuse those who are following the public
open source version of the product.]

All three vulnerabilities are now public. Thank you, to those who
were informed in advance, for cooperating with our disclosure schedule.

The two DHCP vulnerabilities are:

CVE-2018-5732: A specially constructed response from a malicious server
can cause a buffer overflow in dhclient
https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

CVE-2018-5733: A malicious client can overflow a reference counter in
ISC dhcpd
https://kb.isc.org/article/AA-01567/75/CVE-2018-5733

And the (Supported Preview Edition-only) BIND vulnerability is:

CVE-2018-5734: A malformed request can trigger an assertion failure in
badcache.c
https://kb.isc.org/article/AA-01562/74/CVE-2018-5734

If you have questions about these announcements please direct them to
security-officer@....org

Michael McNally
ISC Security Officer