GLSA-201804-05 : ISC DHCP: Multiple vulnerabilities
Medium Nessus Plugin ID 108926
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201804-05 (ISC DHCP: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in ISC DHCP. Please review the CVE identifiers referenced below for details.
Remote attackers could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts.
There are no known workarounds at this time for CVE-2018-5732 or CVE-2018-5733.
In accordance with upstream documentation, the recommended workaround for CVE-2017-3144 is, “to disallow access to the OMAPI control port from unauthorized clients (in accordance with best practices for server operation).”
SolutionAll DHCP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/dhcp-4.3.6_p1'