Kenneth Porter
2021-May-22 04:15 UTC
[CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
-------- Forwarded Message --------
Subject: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
Date: Fri, 21 May 2021 11:44:19 -0800
From: Michael McNally <mcnally at isc.org>
To: dhcp-announce at lists.isc.org

Hello, dhcp-announce list subscribers,

It has been a while since our last post to this list.

Since the last time we posted news of a new release of ISC DHCP, Internet Systems Consortium has adopted a practice of pre-announcing expected security disclosures in order to give operators who use our products a little advance warning and planning time.

For that reason, I am writing you today to let you know that a vulnerability in ISC DHCP will be publicly announced next week on Wednesday, 26 May 2021.

Further details about that vulnerability will be publicly disclosed next week, and new releases of ISC DHCP that correct the vulnerability will be made available at that time. It is our hope that this pre-announcement will aid DHCP operators in preparing for that disclosure when it occurs.

Yours sincerely,

Michael McNally
(writing for ISC Security Officer)

_______________________________________________
dhcp-announce mailing list
dhcp-announce at lists.isc.org
https://lists.isc.org/mailman/listinfo/dhcp-announce
centos at niob.at
2021-May-31 10:57 UTC
[CentOS] Fwd: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
On 22/05/2021 at 06:15, Kenneth Porter wrote:
> -------- Forwarded Message --------
> Subject: Pre-announcement of an ISC DHCP security issue scheduled for disclosure 26 May 2021
> Date: Fri, 21 May 2021 11:44:19 -0800
> From: Michael McNally <mcnally at isc.org>
> To: dhcp-announce at lists.isc.org
>
> Hello, dhcp-announce list subscribers,
>
> It has been a while since our last post to this list.
>
> Since the last time we posted news of a new release of ISC DHCP,
> Internet Systems Consortium has adopted a practice of pre-announcing
> expected security disclosures in order to give operators who use our
> products a little advance warning and planning time.
>
> For that reason, I am writing you today to let you know that a
> vulnerability in ISC DHCP will be publicly announced next week on
> Wednesday, 26 May 2021.
>
> Further details about that vulnerability will be publicly disclosed next
> week, and new releases of ISC DHCP that correct the vulnerability will be
> made available at that time. It is our hope that this pre-announcement
> will aid DHCP operators in preparing for that disclosure when it occurs.
>

The released announcement: https://kb.isc.org/docs/cve-2021-25217

Any updates on this? From the announcement I take it that the version used in C7 (4.2.5) is likely affected - yet there was no update.

Disclaimer: I did not check if upstream has released anything and I did not check if the preconditions for the crash case are met by the current package. Nevertheless, the "losing a lease" case is bad enough...

peter