[pkg-dhcp-devel] Bug#611217: CVE-2011-0413: crash after DHCPv6 decline message
Adam D. Barratt
adam at adam-barratt.org.uk
Wed Jan 26 21:39:15 UTC 2011
user release.debian.org at packages.debian.org
usertag 611217 + squeeze-can-defer
tag 611217 + squeeze-ignore
thanks
On Wed, 2011-01-26 at 15:24 -0600, Raphael Geissert wrote:
> > When the DHCPv6 server code processes a message for an address that was
> > previously declined and internally tagged as abandoned it can trigger an
> > assert failure resulting in the server crashing. This could be used to
> > crash DHCPv6 servers remotely. This issue only affects DHCPv6 servers.
> > DHCPv4 servers are unaffected.
This sounds like it can be fixed after release if need be; tagging as
not a blocker.
Regards,
Adam