oss-sec mailing list archives
ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)
From: Michael McNally <mcnally () isc org>
Date: Wed, 26 May 2021 14:15:38 -0800
On May 26, 2021, we (Internet Systems Consortium) disclosed a vulnerability affecting our ISC DHCP software: CVE-2021-25217: A buffer overrun in lease file parsing code can be used to exploit a common vulnerability shared by dhcpd and dhclient https://kb.isc.org/docs/cve-2021-25217 New versions of ISC DHCP are available from https://www.isc.org/downloads Operators and package maintainers who prefer to apply patches selectively can find individual vulnerability-specific patches in the "patches" subdirectory of the release directories for our two stable release branches (4.4 and 4.1-ESV) https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P1/patches With the public announcement of this vulnerability, the embargo period is ended and any updated software packages that have been prepared may be released. -- Michael McNally (for ISC Security Officer)
Current thread:
- ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217) Michael McNally (May 26)