Date: Thu, 11 Aug 2011 14:46:32 -0400 (EDT)
From: Wesley Shields <wxs@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: jpaetzel@FreeBSD.org, douglas@douglasthrift.net
Subject: ports/159698: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
Message-ID: <20110811184632.5EF7D5C43@syn.atarininja.org>
Resent-Message-ID: <201108111910.p7BJA8gx036206@freefall.freebsd.org>
>Number: 159698
>Category: ports
>Synopsis: [SECURITY UPDATE]: Update net/isc-dhcp31-server and net/isc-dhcp41-server
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Thu Aug 11 19:10:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Wesley Shields
>Release: FreeBSD 8.2-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD syn.csh.rit.edu 8.2-RELEASE-p2 FreeBSD 8.2-RELEASE-p2 #3: Sun May 29 08:12:53 EDT 2011 root@syn.csh.rit.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
ISC released an advisory for their DHCP server. The attached patch updates both net/isc-dhcp41-server and net/isc-dhcp31-server to their latest versions.

I'm also attaching a vuxml entry for this.

I'm willing to commit both of these immediately, given that they are security relevant. However, since they, at least in the case of net/isc-dhcp31-server, contain other updates (going to -R3 skipping -R1, -R2 was never released), I'd like to give Josh a couple of days to comment on it.

http://www.isc.org/software/dhcp/advisories/cve-2011-2748
>How-To-Repeat:
N/A
>Fix:
Index: vuln.xml =================================================================== RCS file: /ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2406 diff -u -r1.2406 vuln.xml --- vuln.xml 11 Aug 2011 08:37:56 -0000 1.2406 +++ vuln.xml 11 Aug 2011 18:34:23 -0000 
@@ -34,6 +34,38 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="510b630e-c43b-11e0-916c-00e0815b8da8"> + <topic>isc-dhcp-server -- server halt upon processing certain packets</topic> + <affects> + <package> + <name>isc-dhcp31-server</name> + <range><lt>3.1.ESV_1,1</lt></range> + </package> + <package> + <name>isc-dhcp41-server</name> + <range><lt>isc-dhcp41-server-4.1.e_2,2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-2748"> + <p>A pair of defects cause the server to halt upon processing certain + packets. The patch is to properly discard or process those packets. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2011-2748</cvename> + <cvename>CVE-2011-2749</cvename> + </references> + <dates> + <discovery>2011-11-10</discovery> + <entry>2011-04-11</entry> + </dates> + </vuln> + <vuln vid="304409c3-c3ef-11e0-8aa5-485d60cb5385"> <topic>libXfont -- possible local privilege escalation</topic> <affects> Index: net/isc-dhcp31-server/Makefile =================================================================== RCS file: /ncvs/ports/net/isc-dhcp31-server/Makefile,v retrieving revision 1.134 diff -u -r1.134 Makefile --- net/isc-dhcp31-server/Makefile 10 Jul 2011 03:24:46 -0000 1.134 +++ net/isc-dhcp31-server/Makefile 11 Aug 2011 18:37:21 -0000 
@@ -15,12 +15,12 @@ MASTER_SITE_SUBDIR= dhcp dhcp/dhcp-3.1-history PKGNAMEPREFIX= isc- PKGNAMESUFFIX= 31-${SUBSYS} -DISTNAME= ${PORTNAME}-3.1-ESV +DISTNAME= ${PORTNAME}-3.1-ESV-R3 MAINTAINER= jpaetzel@FreeBSD.org COMMENT?= The ISC Dynamic Host Configuration Protocol server -PORTREVISION_SERVER= 0 +PORTREVISION_SERVER= 1 PORTREVISION_CLIENT= 0 PORTREVISION_RELAY= 0 PORTREVISION_DEVEL= 0 Index: net/isc-dhcp31-server/distinfo =================================================================== RCS file: /ncvs/ports/net/isc-dhcp31-server/distinfo,v retrieving revision 1.64 diff -u -r1.64 distinfo --- net/isc-dhcp31-server/distinfo 20 Mar 2011 12:51:32 -0000 1.64 +++ net/isc-dhcp31-server/distinfo 11 Aug 2011 18:32:26 -0000 @@ -1,2 +1,2 @@ -SHA256 (dhcp-3.1-ESV.tar.gz) = e316b7dc34f05e38724273a473f823719281f229a71a80bc358f8e74687fd7d7 -SIZE (dhcp-3.1-ESV.tar.gz) = 797454 +SHA256 (dhcp-3.1-ESV-R3.tar.gz) = fb86e124c1fe57d6d6376ceb3eb025320cce5b98002b614e1540fc21a88d6bc6 +SIZE (dhcp-3.1-ESV-R3.tar.gz) = 799075 Index: net/isc-dhcp41-server/Makefile =================================================================== RCS file: /ncvs/ports/net/isc-dhcp41-server/Makefile,v retrieving revision 1.24 diff -u -r1.24 Makefile --- net/isc-dhcp41-server/Makefile 10 Jul 2011 03:24:46 -0000 1.24 +++ net/isc-dhcp41-server/Makefile 11 Aug 2011 18:31:53 -0000 @@ -21,8 +21,8 @@ LICENSE= ISCL -PATCHLEVEL= R2 -PORTREVISION_SERVER= 1 +PATCHLEVEL= R3 +PORTREVISION_SERVER= 2 PORTREVISION_CLIENT= 0 PORTREVISION_RELAY= 2 Index: net/isc-dhcp41-server/distinfo =================================================================== RCS file: /ncvs/ports/net/isc-dhcp41-server/distinfo,v retrieving revision 1.6 diff -u -r1.6 distinfo --- net/isc-dhcp41-server/distinfo 10 Apr 2011 21:40:52 -0000 1.6 +++ net/isc-dhcp41-server/distinfo 11 Aug 2011 18:31:38 -0000 
@@ -1,4 +1,2 @@ -SHA256 (dhcp-4.1-ESV-R2.tar.gz) = 49fa6f00ceee536e1e66698cc416279d333f833e41d545185a5b8684638cff03 -SIZE (dhcp-4.1-ESV-R2.tar.gz) = 1094285 -SHA256 (ldap-for-dhcp-4.1.1-2.tar.gz) = 566b7be2ebefdc583d0bf0095c804ba69807b67e5cc29a2b64b1b39202b37d0d -SIZE (ldap-for-dhcp-4.1.1-2.tar.gz) = 39004 +SHA256 (dhcp-4.1-ESV-R3.tar.gz) = 0bed3380e1daf6f17e3524d5ef282c8f0d2ca1f455479463bf15f0d44b76c615 +SIZE (dhcp-4.1-ESV-R3.tar.gz) = 1103284 >Release-Note: >Audit-Trail: >Unformatted:
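Review bot: In the vuln.xml hunk, the isc-dhcp41-server range reads <lt>isc-dhcp41-server-4.1.e_2,2</lt>, which puts the package name inside the version string. The isc-dhcp31-server entry just above it uses a bare version (3.1.ESV_1,1), so this one should presumably be <lt>4.1.e_2,2</lt> in order to compare against installed package versions. The dates in the same entry also need checking: <discovery>2011-11-10</discovery> is later than this submission (11 Aug 2011), and <entry>2011-04-11</entry> precedes the discovery date, so both months should be verified against the advisory and the commit date.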
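Review bot: In the net/isc-dhcp31-server Makefile hunk, DISTNAME moves to ${PORTNAME}-3.1-ESV-R3 but only PORTREVISION_SERVER is bumped, while PORTREVISION_CLIENT, PORTREVISION_RELAY and PORTREVISION_DEVEL stay at 0. With PKGNAMESUFFIX set to 31-${SUBSYS}, the other subsystems appear to build from the same distfile, so their sources would change without any change in package version. Consider bumping those revisions as well, or setting the version so that it reflects -R3. The net/isc-dhcp41-server Makefile hunk shows the same pattern for PORTREVISION_CLIENT and PORTREVISION_RELAY.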
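Review bot: The net/isc-dhcp41-server distinfo hunk drops the SHA256 and SIZE entries for ldap-for-dhcp-4.1.1-2.tar.gz, but the Makefile hunk for that port shows no matching change to its distfiles or patch files. If the port still fetches that tarball (for example behind an LDAP option), the checksum step will fail for it. Either keep the two ldap-for-dhcp lines or include the Makefile change that stops referencing the file.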