oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

ISC has disclosed a vulnerability in ISC DHCP (CVE-2021-25217)

From: Michael McNally <mcnally () isc org>
Date: Wed, 26 May 2021 14:15:38 -0800
On May 26, 2021, we (Internet Systems Consortium) disclosed a
vulnerability affecting our ISC DHCP software:

   CVE-2021-25217: A buffer overrun in lease file parsing code can be
   used to exploit a common vulnerability shared by dhcpd and dhclient
   https://kb.isc.org/docs/cve-2021-25217

New versions of ISC DHCP are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches selectively can
find individual vulnerability-specific patches in the "patches" subdirectory
of the release directories for our two stable release branches (4.4 and 4.1-ESV)

  https://downloads.isc.org/isc/dhcp/4.4.2-P1/patches
  https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P1/patches

With the public announcement of this vulnerability, the embargo
period is ended and any updated software packages that have been
prepared may be released.

--

Michael McNally
(for ISC Security Officer)
Previous By Date Next
Previous By Thread Next

Current thread: