From 99a570ee2b1368ca8b2be36c496bbe71224679ad Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sun, 16 Oct 2022 23:09:31 +0200
Subject: [PATCH] package/dhcp: security bump to version 4.4.3-P1

- Corrected a reference count leak that occurs when the server builds responses to leasequery packets. Thanks to VictorV of Cyber Kunlun Lab for reporting the issue. [Gitlab #253] CVE: CVE-2022-2928
- Corrected a memory leak that occurs when unpacking a packet that has an FQDN option (81) that contains a label with length greater than 63 bytes. Thanks to VictorV of Cyber Kunlun Lab for reporting the issue. [Gitlab #254] CVE: CVE-2022-2929
https://kb.isc.org/docs/cve-2022-2928
https://kb.isc.org/docs/cve-2022-2929
https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES
Signed-off-by: Fabrice Fontaine
Signed-off-by: Peter Korsgaard
---
 package/dhcp/dhcp.hash | 4 ++--
 package/dhcp/dhcp.mk | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/dhcp/dhcp.hash b/package/dhcp/dhcp.hash
index be03423db8..7dd80a7acc 100644
--- a/package/dhcp/dhcp.hash
+++ b/package/dhcp/dhcp.hash
@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/dhcp/4.4.3/dhcp-4.4.3.tar.gz.sha256.asc
-sha256 0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818 dhcp-4.4.3.tar.gz
+# Verified from https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1.tar.gz.sha256.asc
+sha256 0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7 dhcp-4.4.3-P1.tar.gz
 # Locally calculated
 sha256 45a39c430be0920cb9570f34b32d2378fe6048c034f2f3265b9326d64ada73df LICENSE
diff --git a/package/dhcp/dhcp.mk b/package/dhcp/dhcp.mk
index 183c8322d6..7be40191c8 100644
--- a/package/dhcp/dhcp.mk
+++ b/package/dhcp/dhcp.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DHCP_VERSION = 4.4.3
+DHCP_VERSION = 4.4.3-P1
 DHCP_SITE = https://ftp.isc.org/isc/dhcp/$(DHCP_VERSION)
 DHCP_INSTALL_STAGING = YES
 DHCP_LICENSE = MPL-2.0