[Secure-testing-team] Bug#846938: dhcpcd5: CVE-2014-7913
Salvatore Bonaccorso
carnil at debian.org
Sun Dec 4 13:52:24 UTC 2016
Source: dhcpcd5
Version: 6.0.5-2
Severity: important
Tags: security upstream patch
Control: found -1 6.10.1-1
Hi,
the following vulnerability was published for dhcpcd5.
CVE-2014-7913[0]:
| The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as
| used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products,
| misinterprets the return value of the snprintf function, which allows
| remote DHCP servers to execute arbitrary code or cause a denial of
| service (memory corruption) via a crafted message.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-7913
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7913
[1] http://roy.marples.name/projects/dhcpcd/ci/528541c4c619520e?sbs=0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list