Overview

File _patchinfo of Package patchinfo.4389

<patchinfo incident="4389">
  <issue id="1073935" tracker="bnc">When dhcp server loads it creates extra open ports on</issue>
  <issue id="1076119" tracker="bnc">VUL-0: CVE-2017-3144: dhcp:  dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service</issue>
  <issue id="2017-3144" tracker="cve" />
  <issue id="987170" tracker="bnc">too strict permissions for /sbin/dhclient-script</issue>
  <issue id="1059061" tracker="bnc">L3: DHCP issues with CISCO UCS Blades</issue>
  <issue id="1023415" tracker="bnc">dhclient does not update routing table</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>ndas</packager>
  <description> This update for dhcp fixes several issues.

This security issue was fixed:

- CVE-2017-3144: OMAPI code didn't free socket descriptors when empty message
  is received allowing DoS (bsc#1076119).

These non-security issues were fixed:

- Optimized if and when DNS client context and ports are initted (bsc#1073935)
- Relax permission of dhclient-script for libguestfs (bsc#987170)
- Modify dhclient-script to handle static route updates (bsc#1023415).
- Use only the 12 least significant bits of an inbound packet's TCI value as the VLAN ID
  to fix some packages being wrongly discarded by the Linux packet filter. (bsc#1059061)
</description>
  <summary>Security update for dhcp</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places