[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 385-2] isc-dhcp regression update

Package        : isc-dhcp
Version        : 4.1.1-P1-15+squeeze10
CVE ID         : CVE-2015-8605
Debian Bug     : #810875

With the previous upload of the isc-dhcp package to Debian Squeeze LTS
two issues got introduced into LTS that are resolved by this upload.


CVE-2015-8605 had only been resolved for the LDAP variant of the DHCP
server package built from the isc-dhcp source package. With upload of
version 4.1.1-P1-15+squeeze10, now all DHCP server variants (LDAP and
non-LDAP alike) include the fix for CVE-2015-8605. Thanks to Ben
Hutchings for spotting this inaccuracy.


The amd64 binary build of the previously uploaded isc-dhcp version
(4.1.1-P1-15+squeeze9) was flawed and searched for the dhcpd.conf
configuration file at the wrong location [1,2,3]. This flaw in the amd64
build had been caused by a not-100%-pure-squeeze-lts build system on the
maintainer's end. The amd64 build of version 4.1.1-P1-15+squeeze10 has
been redone in a brand-new build environment and does not show the
reported symptom(s) anymore.

I deeply apologize for the experienced inconvenience to all who
encountered this issue.

[1] https://bugs.debian.org/811097
[2] https://bugs.debian.org/811397
[3] https://bugs.debian.org/811402


mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net

Attachment: signature.asc
Description: Digital signature

Reply to: