5 thoughts on - Pre-announcement Of An ISC DHCP Security Issue Scheduled For Disclosure 26 May 2021
On 22/05/2021 at 06:15, Kenneth Porter wrote:
Any updates on this? From the announcement I take it that the version used in C7 (4.2.5) is likely affected – yet there was no update.
Disclaimer: I did not check if upstream has released anything and I did not check if the preconditions for the crash case are met by the current package. Nevertheless, the “losing a lease” case is bad enough…
peter
https://access.redhat.com/security/cve/cve-2021-25217
—
Leon
I’m wondering why this bug is still unfixed in EL[6-8] for more than a week now while it is mentioned as being a security issue? Since the fixing patch is just a few lines, I’m surprised it’s delayed.
Regards, Simon
Maybe because it depends on more than one other ticket …
https://bugzilla.redhat.com/show_bug.cgi?id=1963258
—
Leon
Not really, I think. They usually create BZs for every distribution affected to track them separately, but it seems to be always the same trivial fix:
https://bugzilla.redhat.com/attachment.cgi?id=1786774&action=diff or https://bugzilla.redhat.com/attachment.cgi?id=1786775&action=diff
That’s why my question, what do we NOT know?
Simon