dhcpcd: Denial of service — GLSA 201409-03

A vulnerability in dhcpcd can lead to a Denial of Service condition.

Affected packages

net-misc/dhcpcd on all architectures
Affected versions < 6.4.3
Unaffected versions >= 6.4.3

Background

dhcpcd is a fully featured, yet light weight RFC2131 compliant DHCP client.

Description

A vulnerability has been discovered in dhcpcd. A malicious dhcp server can set flags as part of the dhcp reply that can cause a Denial of Service condition.

Impact

A remote attacker can cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All dhcpcd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-misc/dhcpcd-6.4.3"
 

References

Release date
September 03, 2014

Latest revision
September 03, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries