4.46. dhcp
Updated dhcp packages that fix one security issue are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.
Security Fix
- CVE-2011-4539
- A denial of service flaw was found in the way the dhcpd daemon handled DHCP request packets when regular expression matching was used in "/etc/dhcp/dhcpd.conf". A remote attacker could use this flaw to crash dhcpd.
Users of DHCP should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all DHCP servers will be restarted automatically.
Updated dhcp packages that fix several bugs and add two enhancements are now available for Red Hat Enterprise Linux 6.
The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol that supports IPv6 networks.
Bug Fixes
- BZ#694798
- Previously, when multiple DHCP clients were launched at the same time to handle multiple virtual interfaces on the same network interface card (NIC), the clients used the same seed to choose when to renew their leases. Consequently, these virtual interfaces for some clients could have been removed over time. With this update, the dhclient utility uses the Process Identifier (PID) for seeding the random number generator, which fixes the bug.
- BZ#694799
- If a system was rebooted while a network switch was inoperative, the network connection would recover successfully. However, it was no longer configured to use DHCP even if the dhclient utility had been running in persistent mode. With this update, the dhclient-script file has been modified to refresh the ARP (Address Resolution Protocol) table and the routing table instead of bringing the interface down, which fixes the bug.
- BZ#731990
- If the system included network interfaces with no hardware address, the dhcpd scan could have experienced a segmentation fault when scanning such an interface. As a consequence, the dhcpd daemon unexpectedly terminated. To prevent this issue, dhcpd now tests a pointer which represents the hardware address of the interface for the NULL value. The dhcp daemon no longer crashes.
- BZ#736999
- Previously, all source files were compiled with the "-fpie" or "fPIE" flag. As a consequence, the libraries used by dhcp could not have been used to build Perl modules. To fix this problem, all respective dhcp Makefiles have been modified to compile libraries with the "-fpic" or "-fPIC" flag. The libraries used by dhcp are now built without the previous restrictions.
- BZ#736194
- Previously, both dhcp and dhclient packages included the dhcp-options(5) and dhcp-eval(5) man pages. As a consequence, a conflict could have occurred when any of these man pages were updated, because dhcp and dhclient packages could have been upgraded separately. To prevent the problem from occurring in future updates, shared files of dhcp and dhclient packages have been moved to the dhcp-common package that is required by both dhcp and dhclient as a dependency.
Enhancements
- BZ#706974
- A feature has been backported from dhcp version 4.2.0. This feature allows the DHCPv6 server to be configured to identify DHCPv6 clients in accordance with their link-layer address and their network hardware type. With this update, it is now possible to define a static IPv6 address for the DHCPv6 client with a known link-layer address.
- BZ#693381
- Previously, the dhcpd daemon ran as root. With this update, new "-user" and "-group" options can be used with dhcpd. These options allow dhcpd to change the effective user and group ID after it starts. The dhcpd and dhcpd6 services now run the dhcpd daemon with the "-user dhcpd -group dhcpd" parameters, which means that the dhcpd daemon runs as the dhcpd user and group instead root.
Users are advised to upgrade to these updated dhcp packages, which fixes these bugs and add these enhancements.