ELA-742-1 dhcpcd5 security update

latency attack

2022-11-25
Package dhcpcd5
Version 6.10.1-1+deb9u1 (stretch)
Related CVEs CVE-2019-11578 CVE-2019-11579


Several security vulnerabilities have been discovered in dhcpcd5, a DHCPv4 and DHCPv6 dual-stack client.

CVE-2019-11579:

dhcp.c in dhcpcd contains a 1-byte read overflow with DHO_OPTSOVERLOADED.

CVE-2019-11578:

auth.c in dhcpcd allowed attackers to infer secrets by performing latency attacks.
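
For CVE-2019-11579, the following is an added illustration, not dhcpcd's code or its patch: a bounds-checked walk of a DHCPv4 options area that handles the one-byte Option Overload value (code 52, RFC 2132 section 9.3) without reading past the buffer. The function name `find_overload` and its return convention are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define DHO_PAD            0
#define DHO_OPTSOVERLOADED 52   /* RFC 2132 section 9.3 */
#define DHO_END            255

/* Hypothetical helper, not dhcpcd's: walk a DHCPv4 options area and
 * report the Option Overload value.
 * Returns 1 if found (value stored in *overl), 0 if absent,
 * -1 if the options are malformed. Never reads past opts[len - 1]. */
int find_overload(const uint8_t *opts, size_t len, uint8_t *overl)
{
    size_t i = 0;

    while (i < len) {
        uint8_t code = opts[i++];

        if (code == DHO_PAD)
            continue;               /* single byte, no length field */
        if (code == DHO_END)
            return 0;
        if (i >= len)
            return -1;              /* length byte is missing */

        uint8_t l = opts[i++];
        if (l > len - i)
            return -1;              /* value would run past the buffer */

        if (code == DHO_OPTSOVERLOADED) {
            /* The value is exactly one byte. With l == 0 the byte at
             * opts[i] belongs to the next option or lies past the end,
             * so the length is checked before the value is read. */
            if (l != 1 || opts[i] < 1 || opts[i] > 3)
                return -1;
            *overl = opts[i];       /* 1 = file, 2 = sname, 3 = both */
            return 1;
        }
        i += l;                     /* skip any other option's value */
    }
    return 0;                       /* no END marker; treat as absent */
}
```

The case that matters is a buffer ending in `52, 0`: a parser that trusts the option code and reads the value byte without checking the length reads one byte beyond the received data.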


For Debian 9 stretch, these problems have been fixed in version 6.10.1-1+deb9u1.

We recommend that you upgrade your dhcpcd5 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.