Synopsis: Critical: dhcp security update
Advisory ID: SLSA-2018:1453-1
Issue Date: 2018-05-15
CVE Numbers: CVE-2018-1111
—
Security Fix(es):
* A command injection flaw was found in the NetworkManager integration
script included in the DHCP client packages in Scientific Linux. A
malicious DHCP server, or an attacker on the local network able to spoof
DHCP responses, could use this flaw to execute arbitrary commands with
root privileges on systems using NetworkManager and configured to obtain
network configuration using the DHCP protocol. (CVE-2018-1111)
—
SL7
x86_64
dhclient-4.2.5-68.sl7_5.1.x86_64.rpm
dhcp-common-4.2.5-68.sl7_5.1.x86_64.rpm
dhcp-debuginfo-4.2.5-68.sl7_5.1.i686.rpm
dhcp-debuginfo-4.2.5-68.sl7_5.1.x86_64.rpm
dhcp-libs-4.2.5-68.sl7_5.1.i686.rpm
dhcp-libs-4.2.5-68.sl7_5.1.x86_64.rpm
dhcp-4.2.5-68.sl7_5.1.x86_64.rpm
dhcp-devel-4.2.5-68.sl7_5.1.i686.rpm
dhcp-devel-4.2.5-68.sl7_5.1.x86_64.rpm
– Scientific Linux Development Team
