![oss-sec logo](/images/oss-sec-logo.png)
oss-sec mailing list archives
ISC has disclosed two vulnerabilities in ISC DHCP (CVE-2022-2928, CVE-2022-2929)
From: Peter Davies <peterd () isc org>
Date: Wed, 5 Oct 2022 18:29:06 +0200
On 5 October 2022 we (Internet Systems Consortium) disclosed two vulnerabilities affecting our ISC DHCP software:
- CVE-2022-2928 An option refcount overflow exists in dhcpd - CVE-2022-2929 DHCP memory leak New versions of ISC DHCP are available from https://www.isc.org/downloadsOperators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of the release directories for our stable release branches (4.4.3-P1 and 4.1-R16-P2):
- https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/ - https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/With the public announcement of these vulnerabilities, the embargo period is ended and any updated software packages that have been prepared may be released.
ISC Support ----
Current thread:
- ISC has disclosed two vulnerabilities in ISC DHCP (CVE-2022-2928, CVE-2022-2929) Peter Davies (Oct 05)