[ubuntu/precise-security] isc-dhcp 4.1.ESV-R4-0ubuntu5.5 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Sep 18 12:01:25 UTC 2012
isc-dhcp (4.1.ESV-R4-0ubuntu5.5) precise-security; urgency=low
[ Jamie Strandboge ]
* debian/dhclient-script.linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. Don't worry about
debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
since AppArmor isn't used in these environments.
- LP: #1045986
[ Marc Deslauriers ]
* SECURITY UPDATE: denial of service via ipv6 lease expiration time
reduction
- debian/patches/CVE-2012-3955.patch: properly handle time reduction in
server/dhcpv6.c, server/mdb6.c.
- CVE-2012-3955
Date: 2012-09-14 17:45:33.941154+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/precise/+source/isc-dhcp/4.1.ESV-R4-0ubuntu5.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list