Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 28 Feb 2018 15:29:55 -0500
From: Michael McNally <mcnally@....org>
To: oss-security@...ts.openwall.com, isc-os-security@...ts.isc.org
Cc: "security-officer@....org" <security-officer@....org>
Subject: Multiple CVEs announced by ISC (ISC DHCP: CVE-2018-5732 &
 CVE-2018-5733, BIND CVE-2018-5734)

Today ISC publicly disclosed three CVEs, two in ISC DHCP and a third
in BIND Supported Preview Edition [which is a customer-only non-public
version of BIND, but since the disclosure is public we wish to be
clear about it here so as not to confuse those who are following the
public open source version of the product.]

All three vulnerabilities are now public.  Thank you, to those who were
informed in advance, for cooperating with our disclosure schedule.

The two DHCP vulnerabilities are:

   CVE-2018-5732: A specially constructed response from a
   malicious server can cause a buffer overflow in dhclient
   https://kb.isc.org/article/AA-01565/75/CVE-2018-5732

   CVE-2018-5733: A malicious client can overflow a
   reference counter in ISC dhcpd
   https://kb.isc.org/article/AA-01567/75/CVE-2018-5733

And the (Supported Preview Edition-only) BIND vulnerability is:

   CVE-2018-5734: A malformed request can trigger an
   assertion failure in badcache.c
   https://kb.isc.org/article/AA-01562/74/CVE-2018-5734

If you have questions about these announcements please direct
them to security-officer@....org


Michael McNally
ISC Security Officer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.