* debian/dhclient-script.linux: Explicitly set the PATH to that of
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. This can be removed once AppArmor
supports environment filtering (LP: 1045985). Don't worry about
debian/dhclient-script.linux.udeb or debian/dhclient-script.kfreebsd*
since AppArmor isn't used in these environments.
- LP: #1045986
This bug was fixed in the package isc-dhcp - 4.2.4-1ubuntu7
---------------
isc-dhcp (4.2.4-1ubuntu7) quantal-proposed; urgency=low
* debian/ dhclient- script. linux: Explicitly set the PATH to that of dhclient- script. linux.udeb or debian/ dhclient- script. kfreebsd*
ENV_SUPATH in /etc/login.defs and unset various other variables. We need
to do this so /sbin/dhclient cannot abuse the environment to escape
AppArmor confinement via this script. This can be removed once AppArmor
supports environment filtering (LP: 1045985). Don't worry about
debian/
since AppArmor isn't used in these environments.
- LP: #1045986
isc-dhcp (4.2.4-1ubuntu6) quantal-proposed; urgency=low
* SECURITY UPDATE: denial of service via unexpected client identifiers patches/ CVE-2012- 3570.patch: validate MAC length in dhcpd.h, server/dhcpv6.c. patches/ CVE-2012- 3571.patch: validate packets in options. c, includes/dhcpd.h. patches/ CVE-2012- 3954.patch: properly manage memory in options. c and server/dhcpv6.c.
- debian/
includes/
- CVE-2012-3570
* SECURITY UPDATE: denial of service via malformed client identifiers
- debian/
common/
- CVE-2012-3571
* SECURITY UPDATE: denial of service via memory leaks
- debian/
common/
- CVE-2012-3954
-- Jamie Strandboge <email address hidden> Wed, 05 Sep 2012 08:59:49 -0500