RHSA-2022:8385: Red Hat Security Advisory: dhcp security and enhancement update
An update for dhcp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2021-25220: bind: DNS forwarders - cache poisoning vulnerability
Issued:
2022-11-15
Updated:
2022-11-15
RHSA-2022:8385 - Security Advisory
Synopsis
Moderate: dhcp security and enhancement update
Type/Severity
Security Advisory: Moderate
Topic
An update for dhcp is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network.
Security Fix(es):
- bind: DNS forwarders - cache poisoning vulnerability (CVE-2021-25220)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2064512 - CVE-2021-25220 bind: DNS forwarders - cache poisoning vulnerability
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
dhcp-4.4.2-17.b1.el9.src.rpm
SHA-256: 7ff746bd90b0a2115103100ae6fd08905fda2ae5fa3c81f99bb4ddc37326bb4c
x86_64
dhcp-client-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: 43bc67fe1c6f1f7ed353cf80f82108c7da3b60c863e4ee937e01f876a067f609
dhcp-client-debuginfo-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: 2e024586913939fc1034671696f302bfbc47b0bc2c37926885b23750a2df460e
dhcp-common-4.4.2-17.b1.el9.noarch.rpm
SHA-256: 1ff0ffdbb2bd9f1c329a73429b6feb17863ae546f7d9bf429bb8a9fc903b2ffc
dhcp-debuginfo-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: 0f98b950a1429020631a3b2fd0a503fb6abcb90d9a360c6ac1f57a38ee4db73f
dhcp-debugsource-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: 20488bede697987d948f122f5e1abe69444818318bca597fd1b4f3c5cf60e17d
dhcp-relay-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: 14f9b4831d50cff5409f689e22ef5ddb48d2b22fb76fca9ea3a579d73970dac1
dhcp-relay-debuginfo-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: 97040fb47d295edc8d065fe4bcb41d6e353c3984ce85d6dda7280c84e5adad80
dhcp-server-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: f4d98c779e0259656db7e5f38723c606d6203f6f5d4e74a99d4179684383a593
dhcp-server-debuginfo-4.4.2-17.b1.el9.x86_64.rpm
SHA-256: f76974ceeaabdd3faeb934939c99e13194ecbc9eb7b4f777de5f358030e9a7df
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
dhcp-4.4.2-17.b1.el9.src.rpm
SHA-256: 7ff746bd90b0a2115103100ae6fd08905fda2ae5fa3c81f99bb4ddc37326bb4c
s390x
dhcp-client-4.4.2-17.b1.el9.s390x.rpm
SHA-256: 2a618a768c27543e9fa6ccc9b3a29983ccb3696926451db0d9d4fc8526d13476
dhcp-client-debuginfo-4.4.2-17.b1.el9.s390x.rpm
SHA-256: e81734900b45a8e7dbf94aad4611ce775b5f2b0d14e5a79cfd266aa17676b79b
dhcp-common-4.4.2-17.b1.el9.noarch.rpm
SHA-256: 1ff0ffdbb2bd9f1c329a73429b6feb17863ae546f7d9bf429bb8a9fc903b2ffc
dhcp-debuginfo-4.4.2-17.b1.el9.s390x.rpm
SHA-256: 432996cd5589f6f1461366516fbb028f82d3951137c05fffaad17ff0d6c640b3
dhcp-debugsource-4.4.2-17.b1.el9.s390x.rpm
SHA-256: 9f2e31abde77073a47919702d6797a5b6351014b4ee5014c686704a89b794eb1
dhcp-relay-4.4.2-17.b1.el9.s390x.rpm
SHA-256: 123e5ac98e6de5037ed8f09df1eafafa36b4e1d728134afe94130ffe1d6bb816
dhcp-relay-debuginfo-4.4.2-17.b1.el9.s390x.rpm
SHA-256: 0f0fa090a0f93f191ba4286f7e4b6629e52fadf92db2f2383fa2e35ce4cbd00f
dhcp-server-4.4.2-17.b1.el9.s390x.rpm
SHA-256: 1dd5478331acec5685b3537ea09800c32ce7f381768345ea3e7f853bb30f667a
dhcp-server-debuginfo-4.4.2-17.b1.el9.s390x.rpm
SHA-256: f2e2c345b9b82f8458c9f616651d7fe1e9d4f1833844fb426af3eeb58659787f
Red Hat Enterprise Linux for Power, little endian 9
SRPM
dhcp-4.4.2-17.b1.el9.src.rpm
SHA-256: 7ff746bd90b0a2115103100ae6fd08905fda2ae5fa3c81f99bb4ddc37326bb4c
ppc64le
dhcp-client-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: 66fa08e1f231e58d1a7391b68b57a8c523ce1a624bc9a2a51f692c04ff325be6
dhcp-client-debuginfo-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: 69f95d6fdd5fd72a30befec282cc3bb169cf350dd1066362667606d285ace6d1
dhcp-common-4.4.2-17.b1.el9.noarch.rpm
SHA-256: 1ff0ffdbb2bd9f1c329a73429b6feb17863ae546f7d9bf429bb8a9fc903b2ffc
dhcp-debuginfo-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: faa9ba3dad14863ed399fe2a4e95ae3ede020f1469929fc18d169ec00f6f7e95
dhcp-debugsource-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: 688a340d95bf74c139fdf5e977469af4d7b90aca98f814e91f6ec3f9d4f0b3f6
dhcp-relay-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: 2bd6e63ecddfd9e023fce138a039a83b1d89234460e7f1d6c702f58f88b4b160
dhcp-relay-debuginfo-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: 59b13c71e44f390c84917946e5aea10fa8b659451885c1ce96b87847962775bb
dhcp-server-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: d379b5d763f4f6605ee127d56a5957b606d3e3fb46b4afc873578a0c5114d13e
dhcp-server-debuginfo-4.4.2-17.b1.el9.ppc64le.rpm
SHA-256: 63bf51e52e942d3e0be3ee5f22f9c9de9a0bf740868ad9a5b49e4abed8a0b8a9
Red Hat Enterprise Linux for ARM 64 9
SRPM
dhcp-4.4.2-17.b1.el9.src.rpm
SHA-256: 7ff746bd90b0a2115103100ae6fd08905fda2ae5fa3c81f99bb4ddc37326bb4c
aarch64
dhcp-client-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: cfebc455e94fdef871e61d639cc76777fd5a24302e47b4e4b4f417cb8edfb16b
dhcp-client-debuginfo-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: 9c3ab57d9138da435c3cd36a2c0a1eb3fbd5980fe154251a5c988d7c46585ebd
dhcp-common-4.4.2-17.b1.el9.noarch.rpm
SHA-256: 1ff0ffdbb2bd9f1c329a73429b6feb17863ae546f7d9bf429bb8a9fc903b2ffc
dhcp-debuginfo-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: 98323db4d436d13a448f8e5a3d8bee21a0f72af4f09a1fc8ef13b0070d7d6932
dhcp-debugsource-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: 1bd229233f7c69283e0a8c6dc93aefc7bb4983e2150e84a9040c71176d54b25c
dhcp-relay-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: 4a2f4a228eab5e3f2130cd3ac60fdafcc6f8daf823cb2d21f9b0e372fabc3399
dhcp-relay-debuginfo-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: 379dc355068008651eca10281c70bc99c37ca31f0b0973f1bc4c0b200460911d
dhcp-server-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: 4b6e573c5ebc45757bf02e675f373d1f641c0871932b0dac8c99df978e244278
dhcp-server-debuginfo-4.4.2-17.b1.el9.aarch64.rpm
SHA-256: d2c2fc28405f3b8c3cd6f11822475e78bf0a38b6c08a135b3c31b9f54dae0492
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Related news
BIND:
- 9.11.0 -> 9.11.36
- 9.12.0 -> 9.16.26
- 9.17.0 -> 9.18.0
BIND Supported Preview Editions:
- 9.11.4-S1 -> 9.11.36-S1
- 9.16.8-S1 -> 9.16.26-S1
Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL.
The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.