RHSA-2023:2502: Red Hat Security Advisory: dhcp security and enhancement update
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-2928: An integer overflow of an option reference counter was found in the ISC DHCP server (dhcpd). When "option_code_hash_lookup()" is called from "add_option()", it increments the option's "refcount" field, but there is no matching call to "option_dereference()" to decrement it again. "add_option()" is used only when the server builds responses to lease query packets, and each response calls it for several options. Hence, on a server configured to answer lease queries (the "allow leasequery;" statement in dhcpd.conf; dhcpd does not answer lease queries by default), a remote machine with network access to the server can send lease queries for the same lease over and over, so that "add_option()" is called repeatedly. Eventually the reference counter overflows and the server aborts or crashes.
- CVE-2022-2929: A memory leak was found in the DHCP server's "fqdn_universe_decode()" function, which allocates buffer space for the contents of option 81 (FQDN) received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function checks the length byte of each label in the FQDN; if it finds a label whose length byte is larger than 63, it returns an error without freeing the buffer it has just allocated, so the buffer leaks. An attacker on any network adjacent to the DHCP server could send DHCP packets crafted to include FQDN labels longer than 63 bytes, one allocation leaking per packet, until the server runs out of memory and crashes.
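The following C program is an added illustration written for this page; it is not ISC DHCP source code and not part of the Red Hat advisory. It models both defects above in simplified form, each beside its corrected shape. The function names follow those cited in the CVE descriptions, but the data structures, the deliberately narrow 8-bit reference counter (so the wrap is visible after a few hundred replies), the instrumented allocator and the sample option 81 payloads are all constructed assumptions for the demonstration.

```c
/*
 * Simplified model of the two dhcpd defects described above. Illustration
 * written for this page; NOT ISC DHCP source. Function names follow the CVE
 * text, but the structs, the 8-bit counter and the counted allocator are
 * assumptions made for the demonstration.
 */
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- CVE-2022-2928: unbalanced option refcount in lease query replies ---- */

struct option {
    unsigned code;
    uint8_t  refcount;   /* model: narrow on purpose; the real counter is wider */
};

/* Like option_code_hash_lookup(): hands back a counted reference that the
 * caller must eventually drop with option_dereference(). */
static struct option *option_code_hash_lookup(struct option *table, unsigned code)
{
    struct option *opt = &table[code];
    opt->refcount++;
    return opt;
}

/* The real server treats an inconsistent count as fatal; the model asserts. */
static void option_dereference(struct option *opt)
{
    assert(opt->refcount > 0);
    opt->refcount--;
}

/* Vulnerable shape: the reference taken by the lookup is never released. */
static void add_option_vulnerable(struct option *table, unsigned code)
{
    struct option *opt = option_code_hash_lookup(table, code);
    (void)opt;                      /* ...option data copied into the reply... */
    /* missing: option_dereference(opt); */
}

/* Fixed shape: every lookup is balanced by a dereference. */
static void add_option_fixed(struct option *table, unsigned code)
{
    struct option *opt = option_code_hash_lookup(table, code);
    /* ...option data copied into the reply... */
    option_dereference(opt);
}

/* Build `replies` lease query responses of `opts_per_reply` options each and
 * return the resulting refcount of option 0 (1 = held only by the table). */
unsigned leasequery_refcount(int fixed, unsigned replies, unsigned opts_per_reply)
{
    struct option table[1] = { { 0, 1 } };
    for (unsigned r = 0; r < replies; r++)
        for (unsigned i = 0; i < opts_per_reply; i++) {
            if (fixed) add_option_fixed(table, 0);
            else       add_option_vulnerable(table, 0);
        }
    return table[0].refcount;
}

/* ---- CVE-2022-2929: buffer leaked on an over-long FQDN label ---- */

#define MAX_LABEL_LEN 63
static int outstanding_buffers;                 /* instrumentation only */

static void *counted_malloc(size_t n) { void *p = malloc(n); if (p) outstanding_buffers++; return p; }
static void  counted_free(void *p)    { if (p) { outstanding_buffers--; free(p); } }

/* Decode the wire-format name part of option 81 (length-prefixed labels,
 * terminated by a zero byte). Returns 1 on success, 0 on a malformed name.
 * With fixed == 0 it reproduces the vulnerable early return. */
int fqdn_universe_decode(const uint8_t *data, size_t len, int fixed)
{
    char *buf = counted_malloc(len + 1);        /* labels + dots + NUL fit in len+1 */
    size_t in = 0, out = 0;
    if (!buf) return 0;
    while (in < len && data[in] != 0) {
        size_t label_len = data[in++];
        if (label_len > MAX_LABEL_LEN || in + label_len > len) {
            if (fixed) counted_free(buf);       /* the fix: release buf before bailing out */
            return 0;                            /* vulnerable code returned here, leaking buf */
        }
        memcpy(buf + out, data + in, label_len);
        out += label_len; in += label_len;
        buf[out++] = '.';
    }
    buf[out] = '\0';
    counted_free(buf);        /* stands in for the caller consuming the decoded name */
    return 1;
}

/* Feed `packets` copies of one option 81 payload and report how many decode
 * buffers are still allocated afterwards. */
int leaked_buffers_after(const uint8_t *opt81, size_t len, unsigned packets, int fixed)
{
    outstanding_buffers = 0;
    for (unsigned i = 0; i < packets; i++)
        fqdn_universe_decode(opt81, len, fixed);
    return outstanding_buffers;
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t GOOD_FQDN[] = { 4, 'h', 'o', 's', 't', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 0 };
static const uint8_t BAD_FQDN[]  = { 64, 'x', 0 };   /* label length 64 > 63 */

int main(void)
{
    printf("refcount after 255 vulnerable replies: %u (wrapped to zero)\n",
           leasequery_refcount(0, 255, 1));
    printf("refcount after 255 fixed replies:      %u\n",
           leasequery_refcount(1, 255, 1));
    printf("buffers left by 1000 bad packets, vulnerable: %d, fixed: %d\n",
           leaked_buffers_after(BAD_FQDN, sizeof BAD_FQDN, 1000, 0),
           leaked_buffers_after(BAD_FQDN, sizeof BAD_FQDN, 1000, 1));
    return 0;
}
```

Build with `cc -std=c11 -o dhcp_model dhcp_model.c && ./dhcp_model`. The vulnerable paths leave the bookkeeping unbalanced (the reference counter wraps to zero after enough lease query replies; one buffer stays allocated per malformed packet), while the fixed paths return to baseline. In the real server the first path is only reachable when "allow leasequery;" is configured, whereas the second needs nothing more than the ability to deliver a DHCP packet to the server.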
Issued: 2023-05-09
Updated: 2023-05-09
RHSA-2023:2502 - Security Advisory
Synopsis
Moderate: dhcp security and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for dhcp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Security Fix(es):
- dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort (CVE-2022-2928)
- dhcp: memory leak when decoding option 81 (FQDN) labels longer than 63 bytes (CVE-2022-2929)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2095396 - [RFE] dhcp use systemd-sysusers
- BZ - 2132001 - CVE-2022-2929 dhcp: DHCP memory leak
- BZ - 2132002 - CVE-2022-2928 dhcp: option refcount overflow when leasequery is enabled leading to dhcpd abort
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
dhcp-4.4.2-18.b1.el9.src.rpm
SHA-256: 45af5d5c96edd44f92981388825af75f6c07a35456ccf058ec92e30d886790f9
x86_64
dhcp-client-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: 8de518a6c827a9f3956f4cc5c011f25a32e3cc4a7fd32d0ed1076e8a6f6134ec
dhcp-client-debuginfo-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: 580916490c8ae21563856e144c122633e4e737129c5d0c62f02c89ae79cbf8e1
dhcp-common-4.4.2-18.b1.el9.noarch.rpm
SHA-256: b4c9231c4d2a53d531b8993df4ace4359af2a840cc654af4c3b29ba617203159
dhcp-debuginfo-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: d222400c37b67f336dd21e76b10cbfc2cc85883a8a6133e3eed8f92708860be0
dhcp-debugsource-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: f090a2a04e1225e1c0477bfa8d31a432bed28a04cddf6240b61757e7e65c71ef
dhcp-relay-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: 4f37476375ef8d7c7a9bf91e08cb39459c255f88e87447e21e32aabb90ffcf5b
dhcp-relay-debuginfo-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: 6095b5584f252c0ee00c4bbfe752f4eee242a894ae7f14898644b79ead5121d3
dhcp-server-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: 0fe098174155561e23544a13712b6c60edbe1c58ace36c1309756c89fa0e29f7
dhcp-server-debuginfo-4.4.2-18.b1.el9.x86_64.rpm
SHA-256: 6c971c0b94d2b4a200a94be3024e665587c7ba36dd73b905dfd783de8ef9aa30
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
dhcp-4.4.2-18.b1.el9.src.rpm
SHA-256: 45af5d5c96edd44f92981388825af75f6c07a35456ccf058ec92e30d886790f9
s390x
dhcp-client-4.4.2-18.b1.el9.s390x.rpm
SHA-256: 9a448e4840ab9798811868a1543e1eb84223c6cb2f241c3ce855394bdfebf983
dhcp-client-debuginfo-4.4.2-18.b1.el9.s390x.rpm
SHA-256: 1e896381637b22f9442c31224ae2e4e5c2def8e5e237b5ebf2288262bd5c9492
dhcp-common-4.4.2-18.b1.el9.noarch.rpm
SHA-256: b4c9231c4d2a53d531b8993df4ace4359af2a840cc654af4c3b29ba617203159
dhcp-debuginfo-4.4.2-18.b1.el9.s390x.rpm
SHA-256: 2c66bc8fa6a8d01f1b3c565369f9942b5523041bcc6015dbf3b3b7c3cf0967ce
dhcp-debugsource-4.4.2-18.b1.el9.s390x.rpm
SHA-256: adac76f9335c73f39912910d30b0688548563c25cef56a2ee4cc7e2eab653ea0
dhcp-relay-4.4.2-18.b1.el9.s390x.rpm
SHA-256: b3bf82359a7252de9de07c38bcc0405b732a6e4b75e781fb70a7b1fa2b0b867e
dhcp-relay-debuginfo-4.4.2-18.b1.el9.s390x.rpm
SHA-256: b443b18bdc5a52187e178603d4b3248521f652af6472f373b6183e25f2d58f4d
dhcp-server-4.4.2-18.b1.el9.s390x.rpm
SHA-256: 9a9946e12e5ec5083298c3540a72d09c44676196b5ab656516224d63d3c250bf
dhcp-server-debuginfo-4.4.2-18.b1.el9.s390x.rpm
SHA-256: 08b51ac0bb30e820af962424e0ea5a6d80b90be8d48b6c9fe52d436a5bd39463
Red Hat Enterprise Linux for Power, little endian 9
SRPM
dhcp-4.4.2-18.b1.el9.src.rpm
SHA-256: 45af5d5c96edd44f92981388825af75f6c07a35456ccf058ec92e30d886790f9
ppc64le
dhcp-client-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: a672fe2c41d09b2949111b47e25a3efe272214cd928301693bef391e3adb0d46
dhcp-client-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: 3be770e337c83a0580c6dc3ea683df73f047f785a7498261f6d29680a483650e
dhcp-common-4.4.2-18.b1.el9.noarch.rpm
SHA-256: b4c9231c4d2a53d531b8993df4ace4359af2a840cc654af4c3b29ba617203159
dhcp-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: 9d68546669d10896d5dac428d3e41ed4a6fb0205cc4dcdd64bd7dc4507566b43
dhcp-debugsource-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: 2a50cb174e0e41d1000779c6d61da1f2c0fce2e7c7b450d3e3a9b315b35553b8
dhcp-relay-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: ffe2df87ab4ddcd5a54040974ace16f2b9dc94157f433efaed56f19177e28cf3
dhcp-relay-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: 8129394aefeb30442040e9bac299dfa492863c5699ff40ce801b28b0878656f9
dhcp-server-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: 3ed8d7c56f5fa8fd2b863a6a60bad4e42ebab9f61fddfde8814f7b8d55bea543
dhcp-server-debuginfo-4.4.2-18.b1.el9.ppc64le.rpm
SHA-256: d23da8ae96f24c660c5e5256dfb6c54a72cc234b90d4a6e8fc0269869eda26d1
Red Hat Enterprise Linux for ARM 64 9
SRPM
dhcp-4.4.2-18.b1.el9.src.rpm
SHA-256: 45af5d5c96edd44f92981388825af75f6c07a35456ccf058ec92e30d886790f9
aarch64
dhcp-client-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: 8f6d944776dff1dd81531caa681e41c2f599f43b9ad90101b73ac0082d1ad167
dhcp-client-debuginfo-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: a2754fed313330c563157ec8ce77c8f18b2a8b9b1727f49ea34bbe067658d898
dhcp-common-4.4.2-18.b1.el9.noarch.rpm
SHA-256: b4c9231c4d2a53d531b8993df4ace4359af2a840cc654af4c3b29ba617203159
dhcp-debuginfo-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: d1d3550e2fcd3e93f3520e3bcc335d4ae9e0a3c8aeef2b99c042ec51b091d931
dhcp-debugsource-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: bbb69c384676706dc774bd98c2ed831df38a4247bd1781dae40edc0ed9c8aa64
dhcp-relay-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: 36133ef0e4ea4b5065b85075efc7c5db5114cfda23e19edb046bacd0d85e5d55
dhcp-relay-debuginfo-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: b16ff540a5cc2d14708cdcfe5f270dbef9706e2e2f8022aecba17cda97b6245b
dhcp-server-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: cc9918e5b704c53cef78acf9e017ac00e6631e30fa8f8508a39776b11881d7ff
dhcp-server-debuginfo-4.4.2-18.b1.el9.aarch64.rpm
SHA-256: c1e1025ed78d64cb1733600564c18307d757815a41754a944447653a2e59101f
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
An update for dhcp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2928: An integer overflow vulnerability was found in the DHCP server. When the "option_code_hash_lookup()" function is called from "add_option()", it increases the option's "refcount" field. However, there is not a corresponding call to "option_dereference()" to decrement the "refcount" field. The "add_option()" function is only used in server responses to...
Red Hat Security Advisory 2023-2502-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a memory leak vulnerability.
Gentoo Linux Security Advisory 202305-22 - Multiple vulnerabilities have been discovered in ISC DHCP, the worst of which could result in denial of service. Versions less than 4.4.3_p1 are affected.
Ubuntu Security Notice 5658-3 - USN-5658-1 fixed several vulnerabilities in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service.
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
Ubuntu Security Notice 5658-1 - It was discovered that DHCP incorrectly handled option reference counting. A remote attacker could possibly use this issue to cause DHCP servers to crash, resulting in a denial of service. It was discovered that DHCP incorrectly handled certain memory operations. A remote attacker could possibly use this issue to cause DHCP clients and servers to consume resources, leading to a denial of service.