From 74e272fef29399fa6398c7739faee02a0a01a8d55621e8ebb97553a196f74dfc Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 2 Feb 2011 09:11:54 +0000 Subject: [PATCH] Improved patch description OBS-URL: https://build.opensuse.org/package/show/network:dhcp/dhcp?expand=0&rev=54 --- dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff b/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff index f7341d7..5941b03 100644 --- a/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff +++ b/dhcp-4.2.0-P2-CVE-2011-0413.bnc667655.diff @@ -1,15 +1,17 @@ -From d995f772e6b957c7569a640d024daa3e58c08f56 Mon Sep 17 00:00:00 2001 +From ef8d97cd543d87135b3aae2d778a6f91cb800498 Mon Sep 17 00:00:00 2001 From: Marius Tomaschewski Date: Wed, 2 Feb 2011 09:18:39 +0100 Subject: [PATCH] Unexpected abort caused by a DHCPv6 decline +Security fix (CVE-2011-0413, VU#686084, bnc#667655) extracted from +dhcp-4.2.1b1 sources; description from dhcp-4.2.1b1/RELNOTES: ! When processing a request in the DHCPv6 server code that specifies an address that is tagged as abandoned (meaning we received a decline request for it previously) don't attempt to move it from the inactive to active pool as doing so can result in the server crshing on an assert failure. Also retag the lease as active and reset it's timeout value. - [ISC-Bugs #21921] (CVE-2011-0413, VU#686084) + [ISC-Bugs #21921] Signed-off-by: Marius Tomaschewski ---