From owner-freebsd-security  Tue May 14 18:55:14 2002
Delivered-To: freebsd-security@freebsd.org
Received: from castle.jp.FreeBSD.org (castle.jp.FreeBSD.org [210.226.20.15])
	by hub.freebsd.org (Postfix) with ESMTP id 0DB9737B40B
	for <security@FreeBSD.org>; Tue, 14 May 2002 18:55:09 -0700 (PDT)
Received: from localhost (localhost [::1])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet6 id g4F1t0v45904;
	Wed, 15 May 2002 10:55:01 +0900 (JST)
	(envelope-from matusita@jp.FreeBSD.org)
Cc: security@FreeBSD.org
In-Reply-To: <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org>
References: <4.3.2.7.2.20020509175155.024efc00@nospam.lariat.org>
X-User-Agent: Mew/1.94.2 XEmacs/21.5 (bamboo)
X-FaceAnim: (-O_O-)(O_O- )(_O-  )(O-   )(-   -)(   -O)(  -O_)( -O_O)(-O_O-)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Dispatcher: imput version 20000228(IM140)
Lines: 18
From: Makoto Matsushita <matusita@jp.FreeBSD.org>
To: brett@lariat.org
Subject: Re: Patch/Announcement for DHCPD remote root hole?
Date: Wed, 15 May 2002 10:54:53 +0900
Message-Id: <20020515105453K.matusita@jp.FreeBSD.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


brett> Are a patch and an announcement for the ISC DHCPD format string
brett> vulnerability/remote root hole imminent?

From FreeBSD-SN-02:02:

> Port name:      isc-dhcp3
> Affected:       versions < dhcp-3.0.1.r8_1
> Status:         Fixed
> Format string vulnerability when logging DNS-update request transactions.
> <URL:http://www.cert.org/advisories/CA-2002-12.html>
> <URL:http://www.ngsec.com/docs/advisories/NGSEC-2002-2.txt>

Is it what you want?  ports/net/isc-dhcp3 is already fixed, updating
to dhcp-3.0.1.r9.

-- -
Makoto `MAR' Matsushita

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message