Security update for dhcp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0537-1 Final 1 1 2018-02-24T09:14:57Z current 2018-02-24T09:14:57Z 2018-02-24T09:14:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for dhcp This update for dhcp fixes several issues. This security issue was fixed: - CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message is received allowing DoS (bsc#1076119). These non-security issues were fixed: - Optimized if and when DNS client context and ports are initted (bsc#1073935) - Relax permission of dhclient-script for libguestfs (bsc#987170) - Modify dhclient-script to handle static route updates (bsc#1023415). - Use only the 12 least significant bits of an inbound packet's TCI value as the VLAN ID to fix some packages being wrongly discarded by the Linux packet filter. (bsc#1059061) This update was imported from the SUSE:SLE-12-SP1:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2018-02/msg00101.html E-Mail link for openSUSE-SU-2018:0537-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 dhcp-4.3.3-11.3.1 dhcp-client-4.3.3-11.3.1 dhcp-devel-4.3.3-11.3.1 dhcp-doc-4.3.3-11.3.1 dhcp-relay-4.3.3-11.3.1 dhcp-server-4.3.3-11.3.1 dhcp-4.3.3-11.3.1 as a component of openSUSE Leap 42.3 dhcp-client-4.3.3-11.3.1 as a component of openSUSE Leap 42.3 dhcp-devel-4.3.3-11.3.1 as a component of openSUSE Leap 42.3 dhcp-doc-4.3.3-11.3.1 as a component of openSUSE Leap 42.3 dhcp-relay-4.3.3-11.3.1 as a component of openSUSE Leap 42.3 dhcp-server-4.3.3-11.3.1 as a component of openSUSE Leap 42.3 A vulnerability stemming from failure to properly clean up closed OMAPI connections can lead to exhaustion of the pool of socket descriptors available to the DHCP server. Affects ISC DHCP 4.1.0 to 4.1-ESV-R15, 4.2.0 to 4.2.8, 4.3.0 to 4.3.6. Older versions may also be affected but are well beyond their end-of-life (EOL). Releases prior to 4.1.0 have not been tested. CVE-2017-3144 openSUSE Leap 42.3:dhcp-4.3.3-11.3.1 openSUSE Leap 42.3:dhcp-client-4.3.3-11.3.1 openSUSE Leap 42.3:dhcp-devel-4.3.3-11.3.1 openSUSE Leap 42.3:dhcp-doc-4.3.3-11.3.1 openSUSE Leap 42.3:dhcp-relay-4.3.3-11.3.1 openSUSE Leap 42.3:dhcp-server-4.3.3-11.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2018-02/msg00101.html https://www.suse.com/security/cve/CVE-2017-3144.html CVE-2017-3144 https://bugzilla.suse.com/1076118 SUSE Bug 1076118 https://bugzilla.suse.com/1076119 SUSE Bug 1076119