Overview

File _patchinfo of Package patchinfo.2509

<patchinfo incident="2509">
  <issue id="972907" tracker="bnc">dhcpd won't use /etc/hosts to resolve name of ldap-server</issue>
  <issue id="969820" tracker="bnc">VUL-1: CVE-2016-2774:  dhcp: denial of service on IPC TCP ports</issue>
  <issue id="CVE-2016-2774" tracker="cve">VUL-1: CVE-2016-2774:  dhcp: denial of service on IPC TCP ports</issue>
  <category>security</category>
  <rating>moderate</rating>
  <packager>ndas</packager>
  <description>
This update for dhcp fixes the following issues:

Security issue fixed:
- CVE-2016-2774: Fixed a denial of service attack against the DHCP server over the OMAPI TCP socket, which could be used
  by network adjacent attackers to make the DHCP server non-functional (bsc#969820).

Non security issues fixed:
- Rename freeaddrinfo(), getaddrinfo() and getnameinfo() in the internal libirs
  library that does not consider /etc/hosts and /etc/nsswitch.conf to use irs_
  prefix. This prevents name conflicts which would result in overriding standard
  glibc functions used by libldap. (bsc#972907)
</description>
  <summary>Security update for dhcp</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places