Hi,

Uploading a 0-day NMU based on Steffen's patch since Steffen is away this weekend and no one else seems to do it :)

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

diff -u dhcp-2.0pl5dfsg1/debian/changelog dhcp-2.0pl5dfsg1/debian/changelog --- dhcp-2.0pl5dfsg1/debian/changelog +++ dhcp-2.0pl5dfsg1/debian/changelog @@ -1,3 +1,12 @@ +dhcp (2.0pl5dfsg1-20.1) unstable; urgency=high + + * Non-maintainer upload by the testing-security team + * Fix stack-based buffer overflow in options.c, which allows arbitrary + code execution or cause of a DoS through remote attackers + Fixes: CVE-2007-5365 + + -- Nico Golde <[EMAIL PROTECTED]> Sat, 27 Oct 2007 16:05:29 +0200 + dhcp (2.0pl5dfsg1-20) unstable; urgency=medium * Taking over unmaintained package. only in patch2: unchanged: --- dhcp-2.0pl5dfsg1.orig/debian/patches/305_CVE-2007-5365.patch +++ dhcp-2.0pl5dfsg1/debian/patches/305_CVE-2007-5365.patch @@ -0,0 +1,16 @@ +--- options.c.orig 2007-10-12 12:22:41.000000000 +0000 ++++ dhcp-2.0pl5dfsg1/common/options.c 2007-10-12 12:23:42.000000000 +0000 +@@ -188,9 +188,12 @@ + inpacket && + inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].data && + (inpacket -> options [DHO_DHCP_MAX_MESSAGE_SIZE].len >= +- sizeof (u_int16_t))) ++ sizeof (u_int16_t))){ + mms = getUShort (inpacket -> options + [DHO_DHCP_MAX_MESSAGE_SIZE].data); ++ if (mms < 576) ++ mms = 576; /* mms must be >= minimum IP MTU */ ++ } + + /* If the client has provided a maximum DHCP message size, + use that; otherwise, if it's BOOTP, only 64 bytes; otherwise
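
Review bot: In the options.c hunk the new lower bound uses the bare literal 576 twice (`if (mms < 576)` and `mms = 576;`), and the comment calls it the "minimum IP MTU". A named constant would keep the test and the assignment in step, and the comment would be more accurate if it cited RFC 2132, which sets 576 as the minimum legal value for the Maximum DHCP Message Size option. The clamp only bounds mms from below, and only on the path where the client supplied DHO_DHCP_MAX_MESSAGE_SIZE. The rest of the function is not visible in these lines, so it is worth confirming that the value returned by getUShort is also bounded against the size of the buffer it is later used with. Minor style: `))){` has no space before the brace.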
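
Review bot: In the debian/changelog hunk the impact sentence "which allows arbitrary code execution or cause of a DoS through remote attackers" reads ambiguously; "which allows remote attackers to execute arbitrary code or cause a DoS" states it directly. The entry names no bug number next to "Fixes: CVE-2007-5365", so if a Debian bug exists for this issue, closing it in this entry would tie the upload to the report.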