Package | isc-dhcp |
---|---|
Version | 4.3.1-6+deb8u6 (jessie), 4.3.5-3+deb9u3 (stretch) |
Related CVEs | CVE-2022-2928 CVE-2022-2929 |

Several vulnerabilities have been discovered in the ISC DHCP client, relay and server.

CVE-2022-2928

It was discovered that the DHCP server does not correctly perform
option reference counting when configured with "allow leasequery;".
A remote attacker can take advantage of this flaw to cause a denial
of service (daemon crash).

CVE-2022-2929

It was discovered that the DHCP server is prone to a memory leak
flaw when handling contents of option 81 (fqdn) data received in
a DHCP packet. A remote attacker can take advantage of this flaw
to cause DHCP servers to consume resources, resulting in denial
of service.

For Debian 8 jessie, these problems have been fixed in version 4.3.1-6+deb8u6.

For Debian 9 stretch, these problems have been fixed in version 4.3.5-3+deb9u3.

We recommend that you upgrade your isc-dhcp packages.
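
A host triage check for this advisory, added here as an example and not part of the original advisory or of Debian's tooling: it compares installed isc-dhcp binary packages against the fixed versions stated above and looks for an uncommented `allow leasequery;` in the server configuration. The binary package names, the default path `/etc/dhcp/dhcpd.conf` and the function names are assumptions; included configuration files are not followed.

```sh
#!/bin/sh
# Added example (not from the advisory): triage a host for CVE-2022-2928/2929.
# Fixed versions are copied from the advisory text.

# fixed_version_for RELEASE: print the fixed version; fail if not covered here.
fixed_version_for() {
    case "$1" in
        jessie)  echo '4.3.1-6+deb8u6' ;;
        stretch) echo '4.3.5-3+deb9u3' ;;
        *)       return 1 ;;
    esac
}

# is_patched INSTALLED RELEASE: succeed if INSTALLED >= the fixed version.
is_patched() {
    fixed=$(fixed_version_for "$2") || return 2
    dpkg --compare-versions "$1" ge "$fixed"
}

# leasequery_enabled FILE: succeed if FILE has an active "allow leasequery;".
# '#' comments are stripped and whitespace collapsed, since dhcpd.conf
# statements may span lines. Assumption: no '#' inside quoted strings.
leasequery_enabled() {
    sed 's/#.*//' "$1" | tr -s '[:space:]' ' ' |
        grep -Eiq '(^|[;{} ])allow leasequery ?;'
}

# check_host RELEASE [CONF]: report on this machine.
# Assumed names: binary packages built from isc-dhcp, default config path.
check_host() {
    release=$1
    conf=${2:-/etc/dhcp/dhcpd.conf}
    fixed_version_for "$release" >/dev/null || {
        echo "release '$release' is not covered by this advisory" >&2
        return 2
    }
    for pkg in isc-dhcp-server isc-dhcp-relay isc-dhcp-client; do
        ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        [ -n "$ver" ] || continue
        if is_patched "$ver" "$release"; then
            echo "$pkg $ver: fixed"
        else
            echo "$pkg $ver: upgrade needed"
        fi
    done
    if [ -r "$conf" ] && leasequery_enabled "$conf"; then
        echo "$conf: allow leasequery is active (configuration named in CVE-2022-2928)"
    fi
}
```

After sourcing the file, run `check_host jessie` or `check_host stretch` on the machine being checked.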
Further information about Extended LTS security advisories can be found in the dedicated section of our website.