=========================================================== Ubuntu Security Notice USN-531-2 October 23, 2007 dhcp vulnerability CVE-2007-5365 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: dhcp 2.0pl5-19.4ubuntu0.2 Ubuntu 6.10: dhcp 2.0pl5-19.4ubuntu1.2 Ubuntu 7.04: dhcp 2.0pl5-19.5ubuntu2.2 Ubuntu 7.10: dhcp 2.0pl5dfsg1-20ubuntu1.2 In general, a standard system upgrade is sufficient to affect the necessary changes. Details follow: USN-531-1 fixed vulnerabilities in dhcp. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. This update fixes the problem. Original advisory details: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5-19.4ubuntu0.2.diff.gz Size/MD5: 108361 26e4711d0e61071ed8f62e852fbdc0fa http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5-19.4ubuntu0.2.dsc Size/MD5: 691 083cb6f6f41743935cd80a27ea8b3592 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz Size/MD5: 294909 ab22f363a7aff924e2cc9d1019a21498 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu0.2_amd64.udeb Size/MD5: 47330 3825287312fbf048e30b5781f973ba43 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu0.2_amd64.deb Size/MD5: 109694 360a1774423c682bbaaa96a4cc72c756 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu0.2_amd64.deb Size/MD5: 76834 32466b1afa0f1f72b3fbf69670b67ce5 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu0.2_amd64.deb Size/MD5: 115904 fc0773a8e0aeb70487fe59dfed8d9cea i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu0.2_i386.udeb Size/MD5: 41288 6a0a95f369fd7f30c8ae0c1c5118d4a6 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu0.2_i386.deb Size/MD5: 103824 3a6ba843ca9a7ecb743dd46dfae1859e http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu0.2_i386.deb Size/MD5: 73004 7946aac040d53bdab34d209ab48ce4c9 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu0.2_i386.deb Size/MD5: 110226 e50edade34242d83873ad47d173172dc powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu0.2_powerpc.udeb Size/MD5: 43658 cecfee6211b9d314c9e2262addc2a9d3 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu0.2_powerpc.deb Size/MD5: 106242 923e762e02761705c6f5a82fa50ee986 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu0.2_powerpc.deb Size/MD5: 74942 49a9ea8c3510a35bb68de01439ad3afa http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu0.2_powerpc.deb Size/MD5: 112508 cf9b93a0f8068dfcb57682f69115a26d sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu0.2_sparc.udeb Size/MD5: 43846 b82c02c8b0201b360e2ac0568771fe11 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu0.2_sparc.deb Size/MD5: 106594 f9354c07f2c662747a08f4fbabbb24ba http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu0.2_sparc.deb Size/MD5: 75090 397769136dbaf1b560f4eab246782552 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu0.2_sparc.deb Size/MD5: 113012 05e061214e2dfe6788ec7b6259781204 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5-19.4ubuntu1.2.diff.gz Size/MD5: 108593 794177cbbaf7e5cd59b28c1b844112d2 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5-19.4ubuntu1.2.dsc Size/MD5: 691 25a4051d656b570ebdcb684c6ba1ffd7 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz Size/MD5: 294909 ab22f363a7aff924e2cc9d1019a21498 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu1.2_amd64.udeb Size/MD5: 48108 460faf9cabfdb25d3653f6b50a16bd59 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu1.2_amd64.deb Size/MD5: 110536 9a23e777d8355dc3966e6285c90806d3 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu1.2_amd64.deb Size/MD5: 77522 5be8c26e18afa6020e1a9ee40b29bc9d http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu1.2_amd64.deb Size/MD5: 116996 943a8c08cdeedc23dfdb9a9f6956b79b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu1.2_i386.udeb Size/MD5: 42384 e0f40caa5c697208c56ac099af9c9c83 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu1.2_i386.deb Size/MD5: 104924 bf3a6f6ea887f2144fe4a4b69a12f1a9 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu1.2_i386.deb Size/MD5: 73928 0e3f588a9b09fd77b45367af503c4cfb http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu1.2_i386.deb Size/MD5: 111620 34f2e4e78c3aee92f30337ba61561ea2 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu1.2_powerpc.udeb Size/MD5: 44122 af396c9f23f38fcf880bd777bb07359a http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu1.2_powerpc.deb Size/MD5: 106872 1a2e18a4a20919353cad7237b957b087 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu1.2_powerpc.deb Size/MD5: 75530 2a3e8df8de66d7e60dea9fc8c240bfa7 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu1.2_powerpc.deb Size/MD5: 113064 a9bec0c92a325b46feee6ed70ef18bd8 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.4ubuntu1.2_sparc.udeb Size/MD5: 45210 e621d61253a21448988cbe90baefcdce http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.4ubuntu1.2_sparc.deb Size/MD5: 107950 e5f27c154651caf2d8a746588e5dcf6b http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.4ubuntu1.2_sparc.deb Size/MD5: 76222 c08bed7bd1315bdcb5143965bd9fd422 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.4ubuntu1.2_sparc.deb Size/MD5: 114518 674ddd4ee3785ddf86e226f5e7b0b7d7 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5-19.5ubuntu2.2.diff.gz Size/MD5: 109134 30b57e077227da9e0f0ee06159307f20 http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5-19.5ubuntu2.2.dsc Size/MD5: 775 023ad71a705e9e5508ceec75c34e8abb http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp_2.0pl5.orig.tar.gz Size/MD5: 294909 ab22f363a7aff924e2cc9d1019a21498 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5ubuntu2.2_amd64.udeb Size/MD5: 48152 7b368426b324390f3af6fd41c0f1e29d http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.5ubuntu2.2_amd64.deb Size/MD5: 110846 2596aee31c82a1bf32791dfbb552553e http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.5ubuntu2.2_amd64.deb Size/MD5: 77830 ecc0f821e144112d21dee92ef84419da http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.5ubuntu2.2_amd64.deb Size/MD5: 117298 d843ec195a69d2fd6635a7f931c12173 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5ubuntu2.2_i386.udeb Size/MD5: 42394 b1ca27147853d1b338476d4754543d29 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.5ubuntu2.2_i386.deb Size/MD5: 105190 5ea6dbf0338de08695a5a5bbbb125685 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.5ubuntu2.2_i386.deb Size/MD5: 74268 9f0edb3eb5130e4f77a2f434fed6def1 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.5ubuntu2.2_i386.deb Size/MD5: 111950 93a56ea5baf4a6de9f7d58da30aa8178 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5ubuntu2.2_powerpc.udeb Size/MD5: 45220 78a104add781d7aaaec5a7f99f6e521d http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.5ubuntu2.2_powerpc.deb Size/MD5: 108186 c28f054f61fb21ab203e55bb0606205d http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.5ubuntu2.2_powerpc.deb Size/MD5: 76594 d82c42098eb9a16369ee1d1503b02e7a http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.5ubuntu2.2_powerpc.deb Size/MD5: 114322 11c566afec960192bdeccda56d61699f sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.5ubuntu2.2_sparc.udeb Size/MD5: 45762 b3332f76f7ca9ff51c5624903a6209ad http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5-19.5ubuntu2.2_sparc.deb Size/MD5: 108630 4fdded64c7bf5c689f7954e45e77bec8 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5-19.5ubuntu2.2_sparc.deb Size/MD5: 76852 dd4710d664a6c71badf2a8ce626f488a http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5-19.5ubuntu2.2_sparc.deb Size/MD5: 115310 bb677949a2141fc78a29e49085aae0ef Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1-20ubuntu1.2.diff.gz Size/MD5: 58494 af23e0b22a58ecfb6826a622df612faa http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1-20ubuntu1.2.dsc Size/MD5: 734 d5b4ce2e0c39dd17eb48e1f0de38a00b http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1.orig.tar.gz Size/MD5: 244890 0e1a88fe2e55c310f1a2f9150f4aeeee amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client-udeb_2.0pl5dfsg1-20ubuntu1.2_amd64.udeb Size/MD5: 48466 2bb62fd8661a2403f765aced65995af4 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5dfsg1-20ubuntu1.2_amd64.deb Size/MD5: 110902 f4c4b35b91942e8a4ffa2885ce3d680e http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5dfsg1-20ubuntu1.2_amd64.deb Size/MD5: 77758 ac413a618a225181cb24ee21fa103c58 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1-20ubuntu1.2_amd64.deb Size/MD5: 117188 3b7a32a62686a3f0e0608da5359a24ae i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client-udeb_2.0pl5dfsg1-20ubuntu1.2_i386.udeb Size/MD5: 42388 19218b0b50c3e44bcef3ecf209234287 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5dfsg1-20ubuntu1.2_i386.deb Size/MD5: 104910 04e44bd7ceec3f3075f8b2adc6ee7446 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5dfsg1-20ubuntu1.2_i386.deb Size/MD5: 73978 427049efd4b160d2bf0096e9da75d49f http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1-20ubuntu1.2_i386.deb Size/MD5: 111660 5b498322836d5577db761511bb0c93fe powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client-udeb_2.0pl5dfsg1-20ubuntu1.2_powerpc.udeb Size/MD5: 45200 b5ba3dc2693e33ab00110f43ed82fcf8 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5dfsg1-20ubuntu1.2_powerpc.deb Size/MD5: 107792 e76086f088b8a2ad4cd2a565cb60d407 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5dfsg1-20ubuntu1.2_powerpc.deb Size/MD5: 76270 0af141e493c13f7fb055a5204bc8862f http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1-20ubuntu1.2_powerpc.deb Size/MD5: 114034 0fd34e5c2a0cd28511942eb0763fb0f6 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client-udeb_2.0pl5dfsg1-20ubuntu1.2_sparc.udeb Size/MD5: 45772 cc24dfd77bae3efca63515edbe5e76e0 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-client_2.0pl5dfsg1-20ubuntu1.2_sparc.deb Size/MD5: 108362 d02344a41aa3a55960075a45624cde33 http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp-relay_2.0pl5dfsg1-20ubuntu1.2_sparc.deb Size/MD5: 76584 038af0579f53b942299c4db9f46a389d http://security.ubuntu.com/ubuntu/pool/universe/d/dhcp/dhcp_2.0pl5dfsg1-20ubuntu1.2_sparc.deb Size/MD5: 114962 e2f9a3572d44f4ca69f527a192ea93a7
Attachment:
signature.asc
Description: Digital signature