[debian-lts-announce] 20221010 [SECURITY] [DLA 3146-1] isc-dhcp security update

FEDORA-2022-f5a45757df

FEDORA-2022-9ca9a94e28

FEDORA-2022-c4f274a54f

GLSA-202305-22

CVE Program Container

The function fqdn_universe_decode() allocates buffer space for the contents of option 81 (fqdn) data received in a DHCP packet. The maximum length of a DNS label is 63 bytes. The function tests the length byte of each label contained in the fqdn; if it finds a label whose length byte value is larger than 63, it returns without dereferencing the buffer space. This will cause a memory leak. Affects In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1

CVE-2022-2929

Credits

References