
Bug#770332: pu: package dhcpcd5/5.5.6-1



Package: release.debian.org
Severity: normal
Tags: security patch
User: release.debian.org@packages.debian.org
Usertags: pu

Dear all,

A denial of service issue was fixed upstream. It received CVE-2014-6060.
The fix commit got cherry-picked into unstable recently.
So now, I'm getting this down to stable.

You'll find attached the debdiff & the dsc of the package against stable.

Cheers,
Pierre

-- System Information:
Debian Release: 7.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Format: 3.0 (quilt)
Source: dhcpcd5
Binary: dhcpcd5
Architecture: any
Version: 5.5.6-1+deb7u1
Maintainer: Roy Marples <roy@marples.name>
Homepage: http://roy.marples.name/projects/dhcpcd
Standards-Version: 3.9.3
Build-Depends: debhelper (>= 7.0.50~)
Package-List: 
 dhcpcd5 deb net optional
Checksums-Sha1: 
 7f9ca207bce051252c0acb6a6cae3de22babcb20 78185 dhcpcd5_5.5.6.orig.tar.bz2
 390a24ca7ef446b1381946ba116923e74652c4e3 3767 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz
Checksums-Sha256: 
 657f10dc7de48cba9f7170b593bf0e11987d06bd12378e3f4cd01b9e99b1e8e7 78185 dhcpcd5_5.5.6.orig.tar.bz2
 c0ed72a70c907198582d9ba8c7f4d25fccdc0f38f6f9b8247afb034a2e2718cb 3767 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz
Files: 
 a5c0e43b4e836cfc003437329f6b7982 78185 dhcpcd5_5.5.6.orig.tar.bz2
 e69abe2b74159b6bf6cba8fc3463379a 3767 dhcpcd5_5.5.6-1+deb7u1.debian.tar.gz
diff -Nru dhcpcd5-5.5.6/debian/changelog dhcpcd5-5.5.6/debian/changelog
--- dhcpcd5-5.5.6/debian/changelog	2012-04-01 11:25:26.000000000 +0200
+++ dhcpcd5-5.5.6/debian/changelog	2014-11-20 13:32:23.000000000 +0100
@@ -1,3 +1,11 @@
+dhcpcd5 (5.5.6-1+deb7u1) stable; urgency=medium
+
+  * Non-maintainer upload by the Security Team.
+  * Fix denial of service (CVE-2014-6060) in dhcpcd5:
+    - backport fix from debian unstable dhcpcd5/6.0.5-2
+
+ -- Pierre Schweitzer <pierre@reactos.org>  Thu, 20 Nov 2014 13:29:49 +0100
+
 dhcpcd5 (5.5.6-1) unstable; urgency=medium
 
   * New upstream release
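Review bot: the changelog entry (the `Fix denial of service (CVE-2014-6060)` bullet) does not reference the Debian bug that tracks this issue, although the patch header below cites `Bug-Debian: https://bugs.debian.org/770043`; adding `(Closes: #770043)` to that bullet lets the BTS close the bug on upload to stable and keeps the changelog and patch metadata consistent. The entry is otherwise fine: it names the CVE and the exact unstable version (dhcpcd5/6.0.5-2) the fix was backported from, which is what the release team needs to trace the change.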
diff -Nru dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch
--- dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch	1970-01-01 01:00:00.000000000 +0100
+++ dhcpcd5-5.5.6/debian/patches/CVE-2014-6060.patch	2014-11-20 13:25:21.000000000 +0100
@@ -0,0 +1,27 @@
+Description: Fix CVE-2014-6060
+ Only bits 1 and 2 are used in the DHCP overload option, so when we
+ encounter the option set the last bit as well to ensure servername and
+ bootfile are only checked once as their check unsets bits 1 and 2.
+ Thanks to Tobias Stoeckmann.
+Origin: upstream, http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
+Bug-Debian: https://bugs.debian.org/770043
+From: Roy Marples <roy@marples.name>
+Applied-Upstream: 6.4.3
+
+--- a/dhcp.c
++++ b/dhcp.c
+@@ -343,9 +343,12 @@ get_option(const struct dhcp_message *dh
+ 				goto exit;
+ 			break;
+ 		case DHO_OPTIONSOVERLOADED:
+-			/* Ensure we only get this option once */
++			/* Ensure we only get this option once by setting
++			 * the last bit as well as the value.
++			 * This is valid because only the first two bits
++			 * actually mean anything in RFC2132 Section 9.3 */
+ 			if (!overl)
+-				overl = p[1];
++				overl = 0x80 | p[1];
+ 			break;
+ 		}
+ 		l = *p++;
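Review bot: the correctness of `overl = 0x80 | p[1]` depends on code outside this hunk. The guard `if (!overl)` only keeps the option from being re-read if the later servername/bootfile checks clear just bits 1 and 2 (as the Description states) and never touch 0x80; since the upstream commit targets 6.4.3 while this backport lands on 5.5.6, please confirm that the 5.5.6 `dhcp.c` unsets only those two low bits so the high bit stays set for the lifetime of the parse. A second, minor point on the DEP-3 header: the `Origin:` URL carries the viewer parameter `?sbs=0`, which can be dropped so the link points at the bare upstream commit, and `Applied-Upstream: 6.4.3` plus the changed context line numbers (`@@ -343,9 +343,12 @@`) suggest the hunk was refreshed against 5.5.6; a note in the header saying the hunk was re-based would help a future reader comparing it with the upstream commit.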
diff -Nru dhcpcd5-5.5.6/debian/patches/series dhcpcd5-5.5.6/debian/patches/series
--- dhcpcd5-5.5.6/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ dhcpcd5-5.5.6/debian/patches/series	2014-11-14 21:20:39.000000000 +0100
@@ -0,0 +1 @@
+CVE-2014-6060.patch
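Review bot: `debian/patches/series` is new (the old-side timestamp is the epoch), so this is the first quilt patch in the package; because the source format is `3.0 (quilt)` per the dsc above, dpkg-source applies it automatically and no `debian/rules` change is needed. Since the series name must match the patch file exactly (`CVE-2014-6060.patch`, which it does), the remaining check is a clean `quilt push -a` against the 5.5.6 tree before upload, given that the hunk's line offsets were adjusted from the 6.x upstream commit.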
