dhcpcd security update
A rogue dhcp server could instruct clients to use a host
name that contains shell meta characters. Since many
scripts in the system do not expect unusal characters in
the system's host name the dhcp client needs to sanitize
the host name offered by the server (CVE-2011-0996).
Note this update is actually just a re-release of the
previous one. The security fix made dhcpcd crash if the
DHCP server sent a SIP option that was not decodable.
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4412
Fixed bugs
bnc#675052
VUL-0: CVE-2011-0997: dhcp-client / dhcpcd: remote/local root hole via rogue hostname
bnc#687850
dhcpcd crashes on sip option
CVE#CVE-2011-0996
dhcpcd before 5.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message.
