Fwd: dhcp-2 Security Announcement

[Jan Lühr <jluehr@gmx.net>]

Greetings,

just asking, cause it is relevant for me:
Will there be new official stable packages in the next few days (3-4)?
(If not, I've to patch it by myself)

Keep smiling
yanosz

--- Begin Message ---

• To: dhcp-announce@isc.org
• Subject: dhcp-2 Security Announcement
• From: "David W. Hankins" <David_Hankins@isc.org>
• Date: Mon, 8 Nov 2004 16:33:45 -0800
• Message-id: <20041109003345.GG763@isc.org>
• Reply-to: dhcp-server@isc.org

  *** From dhcp-announce -- To unsubscribe, see the end of this message. ***

Debian has recently distributed a security advisory on the dhcp-2.0pl5
package they distribute.  You can read about that here:

    http://www.debian.org/security/2004/dsa-584

The following versions of ISC DHCP are vulnerable:

    dhcp-2.0:  All versions are vulnerable.
    dhcp-3.0:  dhcp-3.0b1pl17 and previous versions are vulnerable.

All users of these versions should upgrade to the latest dhcp-3
release, currently dhcp-3.0.1.


Note: If for some reason upgrading from dhcp-2 is not possible, you
may also consider applying this patch:

    ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch
    ftp://ftp.isc.org/isc/dhcp/dhcp-2.0-history/dhcp-2.0pl6.patch.asc

But users are strongly advised to make the upgrade to dhcp-3 now.

-- 
David W. Hankins		"If you don't do it right the first time,
Operations Engineer			you'll just have to do it again."
Internet Systems Consortium, Inc.		-- Jack T. Hankins
-----------------------------------------------------------------------
To unsubscribe from this list, visit http://www.isc.org/dhcp-lists.html
or send mail to dhcp-announce-request@isc.org with the subject line of
'unsubscribe'.
-----------------------------------------------------------------------

--- End Message ---