[Buildroot] [git commit] package/dhcp: security bump to version 4.4.3-P1
Peter Korsgaard
peter at korsgaard.com
Mon Oct 17 08:37:50 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=99a570ee2b1368ca8b2be36c496bbe71224679ad
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
- Corrected a reference count leak that occurs when the server builds
responses to leasequery packets. Thanks to VictorV of Cyber Kunlun
Lab for reporting the issue.
[Gitlab #253]
CVE: CVE-2022-2928
- Corrected a memory leak that occurs when unpacking a packet that has an
FQDN option (81) that contains a label with length greater than 63 bytes.
Thanks to VictorV of Cyber Kunlun Lab for reporting the issue.
[Gitlab #254]
CVE: CVE-2022-2929
https://kb.isc.org/docs/cve-2022-2928
https://kb.isc.org/docs/cve-2022-2929
https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1-RELNOTES
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/dhcp/dhcp.hash | 4 ++--
package/dhcp/dhcp.mk | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/dhcp/dhcp.hash b/package/dhcp/dhcp.hash
index be03423db8..7dd80a7acc 100644
--- a/package/dhcp/dhcp.hash
+++ b/package/dhcp/dhcp.hash
@@ -1,4 +1,4 @@
-# Verified from https://ftp.isc.org/isc/dhcp/4.4.3/dhcp-4.4.3.tar.gz.sha256.asc
-sha256 0e3ec6b4c2a05ec0148874bcd999a66d05518378d77421f607fb0bc9d0135818 dhcp-4.4.3.tar.gz
+# Verified from https://ftp.isc.org/isc/dhcp/4.4.3-P1/dhcp-4.4.3-P1.tar.gz.sha256.asc
+sha256 0ac416bb55997ca8632174fd10737fd61cdb8dba2752160a335775bc21dc73c7 dhcp-4.4.3-P1.tar.gz
# Locally calculated
sha256 45a39c430be0920cb9570f34b32d2378fe6048c034f2f3265b9326d64ada73df LICENSE
diff --git a/package/dhcp/dhcp.mk b/package/dhcp/dhcp.mk
index 183c8322d6..7be40191c8 100644
--- a/package/dhcp/dhcp.mk
+++ b/package/dhcp/dhcp.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DHCP_VERSION = 4.4.3
+DHCP_VERSION = 4.4.3-P1
DHCP_SITE = https://ftp.isc.org/isc/dhcp/$(DHCP_VERSION)
DHCP_INSTALL_STAGING = YES
DHCP_LICENSE = MPL-2.0
More information about the buildroot
mailing list