-
isc-dhcp (4.1.ESV-R4-0ubuntu5.13) precise-security; urgency=medium
* SECURITY UPDATE: buffer overflow in dhclient
- debian/patches/CVE-2018-573x.patch: check option data size in
common/options.c.
- CVE-2018-5732
* SECURITY UPDATE: reference counter overflow in dhcpd
- debian/patches/CVE-2018-573x.patch: avoid overflow in
common/options.c.
- CVE-2018-5733
-- <email address hidden> (Leonidas S. Barbosa) Fri, 25 May 2018 11:32:13 -0300
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.12) precise; urgency=medium
* ipv6: wait for duplicate address detection to finish (LP: #1633479).
-- Scott Moser <email address hidden> Mon, 31 Oct 2016 14:30:03 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.11) precise; urgency=medium
* Don't assume IPv6 prefix length of 64 (LP: #1609898).
Pulled from debian commit c347ab8a43587164486ce1f104eedfd638594e59.
-- Dan Streetman <email address hidden> Thu, 04 Aug 2016 13:07:23 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.10) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via incorrect UDP payload length
- debian/patches/CVE-2015-8605.dpatch: properly check payload length in
common/packet.c.
- CVE-2015-8605
-- Marc Deslauriers <email address hidden> Mon, 11 Jan 2016 07:59:30 -0500
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.9) precise-proposed; urgency=low
* debian/dhclient-script.linux: Allow stateless DHCPv6 to complete
configuration. (LP: #1214385)
-- Philipp Kern <email address hidden> Tue, 20 Aug 2013 15:24:27 +0200
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.8) precise-proposed; urgency=low
[ Dave Chiluk ]
* Allow dhcpd to read /etc/ldap/ldap.conf for isc-dhcp-server-ldap.
(LP: #1057358). Backported from Stéphane Graber's quantal patch.
[ Stéphane Graber ]
* Include patch from RedHat/Fedora to deal with hardware/xen/virtio offload
of UDP checksums. (LP: #930962)
* Update apparmor profile to add required the "network packet raw" rule
for the checksum change.
-- Stephane Graber <email address hidden> Thu, 23 May 2013 11:13:07 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.7) precise; urgency=low
* Allow dhcpd to read /etc/ldap/ldap.conf for isc-dhcp-server-ldap.
(LP: #1057358). Backported from Stéphane Graber's quantal patch.
-- chiluk <email address hidden> Thu, 31 Jan 2013 16:44:46 -0600
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.6) precise-proposed; urgency=low
[ Scott Moser ]
* debian/apparmor-profile.dhcpd: use include directory to enable
other packages to re-use isc-dhcp-server. (LP: #1049177)
[ Stéphane Graber ]
* Update onetry_retry_after_initial_success to disable the onetry variable
early enough to actually prevent dhclient from exiting. (LP: #974284)
* Update droppriv patch to also call initgroups() (LP: #727837)
-- Stephane Graber <email address hidden> Tue, 18 Sep 2012 10:34:10 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.5) precise-security; urgency=low
[ Jamie Strandboge ]
* debian/dhclient-script.linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. Don't worry about
debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
since AppArmor isn't used in these environments.
- LP: #1045986
[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via ipv6 lease expiration time
reduction
- debian/patches/CVE-2012-3955.patch: properly handle time reduction in
server/dhcpv6.c, server/mdb6.c.
- CVE-2012-3955
-- Marc Deslauriers <email address hidden> Fri, 14 Sep 2012 12:58:33 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.3) precise-proposed; urgency=low
* Move onetry_retry_after_initial_success to the proper spot in the patch
stack so that it actually gets applied. (LP: #974284)
-- Stephane Graber <email address hidden> Fri, 27 Jul 2012 10:09:55 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.2) precise-security; urgency=low
* SECURITY UPDATE: denial of service via malformed client identifiers
- debian/patches/CVE-2012-3571.dpatch: validate packets in
common/options.{c,h}.
- CVE-2012-3571.dpatch
* SECURITY UPDATE: denial of service via memory leaks
- debian/patches/CVE-2012-3954.dpatch: properly manage memory in
common/options.c and server/dhcpv6.c.
- CVE-2012-3954
-- Marc Deslauriers <email address hidden> Wed, 25 Jul 2012 17:04:18 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5.1) precise-proposed; urgency=low
* Set -pf option for both isc-dhcp-server and isc-dhcp-server6 so they
create their pid files in a path that's actually writable. (LP: #985417)
* Also allow read access to the pid file in the apparmor profile,
otherwise only the initial start succeeds. (LP: #1005062)
* On upgrade from dhcp3-server, move /etc/default/dhcp3-server to
/etc/default/isc-dhcp-server. (LP: #1003971)
* On upgrade from dhcp3-relay, remove /etc/default/dhcp3-relay.
(LP: #1005547)
* Try to preseed isc-dhcp-relay with the values from
/etc/default/dhcp3-relay. (LP: #1005547)
-- Stephane Graber <email address hidden> Sun, 27 May 2012 20:41:13 -0400
-
isc-dhcp (4.1.ESV-R4-0ubuntu5) precise; urgency=low
* When dhclient is called with -1, exit on failure to get a lease only
when getting the initial lease. Once backgrounded, behave exactly like
in normal mode. (LP: #974284)
-- Stephane Graber <email address hidden> Tue, 10 Apr 2012 14:19:23 +0200
-
isc-dhcp (4.1.ESV-R4-0ubuntu4) precise; urgency=low
* debian/apparmor-profile.dhcpd:
- allow writes to the compiled in default pid file (LP: #974054)
- allow reads to /var/lib/wicd/* (LP: #588635)
-- Jamie Strandboge <email address hidden> Thu, 05 Apr 2012 07:19:11 -0500
-
isc-dhcp (4.1.ESV-R4-0ubuntu3) precise; urgency=low
* Spawn separate IPv4 and IPv6 daemons. (LP: #944849)
* Convert /etc/init.d/isc-dhcp-server to two upstart jobs:
- /etc/init/isc-dhcp-server.conf (using /etc/isc-dhcp-server/dhcpd.conf)
- /etc/init/isc-dhcp-server6.conf (using /etc/isc-dhcp-server/dhcpd6.conf)
* Convert /etc/init.d/isc-dhcp-relay to two upstart jobs:
- /etc/init/isc-dhcp-relay.conf (using /etc/default/isc-dhcp-relay)
- /etc/init/isc-dhcp-relay6.conf (using /etc/default/isc-dhcp-relay6)
* To enable isc-dhcp-server6, create /etc/isc-dhcp-server/dhcpd6.conf
* To enable isc-dhcp-relay6, configure /etc/default/isc-dhcp-relay6
-- Stephane Graber <email address hidden> Tue, 06 Mar 2012 13:22:41 -0500
-
isc-dhcp (4.1.ESV-R4-0ubuntu2) precise; urgency=low
* debian/control: Build-Depends on dh-apparmor (LP: #948132)
-- Jamie Strandboge <email address hidden> Tue, 06 Mar 2012 09:58:59 -0600
-
isc-dhcp (4.1.ESV-R4-0ubuntu1) precise; urgency=low
* New upstream release (4.1-ESV-R4) (LP: #937169)
https://deepthought.isc.org/article/AA-00566
* Removed patches (now upstream):
- CVE-2010-3611.dpatch
- CVE-2011-0413.dpatch
- CVE-2011-0997.dpatch
- CVE-2011-2748-2749.dpatch
- CVE-2011-4539.dpatch
- dhclient-initial-random-delay-option.dpatch
- fix_groff_warnings.dpatch
- no-libcrypto.dpatch
* Refreshed patches:
- dhcp-4.1.0-ldap-code.dpatch
- fix_exit_hook_doc_manpage.dpatch
-- Stephane Graber <email address hidden> Mon, 20 Feb 2012 13:05:01 -0500
-
isc-dhcp (4.1.1-P1-17ubuntu13) precise; urgency=low
* debian/apparmor-profile.dhclient: allow the new pid file for dhclient which
NetworkManager will use. (LP: #869635)
-- Mathieu Trudel-Lapierre <email address hidden> Thu, 16 Feb 2012 17:01:19 -0500
-
isc-dhcp (4.1.1-P1-17ubuntu12) precise; urgency=low
* SECURITY UPDATE: denial of service via regular expressions
- debian/patches/CVE-2011-4539.dpatch: add check for null pointer in
common/tree.c.
- CVE-2011-4539
-- Marc Deslauriers <email address hidden> Wed, 14 Dec 2011 15:49:11 -0500
-
isc-dhcp (4.1.1-P1-17ubuntu11) precise; urgency=low
* debian/dhclient-script.linux: fix for read-only /etc (LP: #857524)
-- Scott Moser <email address hidden> Mon, 24 Oct 2011 22:28:35 -0400
-
isc-dhcp (4.1.1-P1-17ubuntu10) oneiric; urgency=low
* make sure writing of /etc/resolv.conf actually waits until the file is
writable (LP: #856984)
-- Scott Moser <email address hidden> Fri, 23 Sep 2011 11:26:29 -0400