Message-ID: <c1168996-ea72-ad04-027f-2f3b190eabd5@isc.org>
Date: Wed, 5 Oct 2022 18:29:06 +0200
From: Peter Davies <peterd@....org>
To: oss-security@...ts.openwall.com
Subject: ISC has disclosed two vulnerabilities in ISC DHCP (CVE-2022-2928,
 CVE-2022-2929)

On 5 October 2022 we (Internet Systems Consortium) disclosed two 
vulnerabilities affecting our ISC DHCP software:

- CVE-2022-2928 An option refcount overflow exists in dhcpd
- CVE-2022-2929 DHCP memory leak


New versions of ISC DHCP are available from https://www.isc.org/downloads

Operators and package maintainers who prefer to apply patches 
selectively can find individual vulnerability-specific patches in the 
"patches" subdirectory of the release directories for our stable release 
branches (4.4.3-P1 and 4.1-R16-P2):

- https://downloads.isc.org/isc/dhcp/4.4.3-P1/patches/
- https://downloads.isc.org/isc/dhcp/4.1-ESV-R16-P2/patches/

With the public announcement of these vulnerabilities, the embargo 
period is ended and any updated software packages that have been 
prepared may be released.

ISC Support
----
