Debian 10037 Published by

A dhcpcd5 security update has been released for Debian GNU/Linux 9 Extended LTS to address several security vulnerabilities.



ELA-742-1 dhcpcd5 security update

Package : dhcpcd5
Version : 6.10.1-1+deb9u1 (stretch)

Related CVEs :
CVE-2019-11578
CVE-2019-11579

Several security vulnerabilities have been discovered in dhcpcd5, a DHCPv4 and
DHCPv6 dual-stack client.

CVE-2019-11579:
dhcp.c in dhcpcd contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

CVE-2019-11578:
auth.c in dhcpcd allowed attackers to infer secrets by performing latency attacks.

  ELA-742-1 dhcpcd5 security update