dhcp-4.4.2.P1-11.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12390 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z dhcp-4.4.2.P1-11.1 on GA media These are all security issues fixed in the dhcp-4.4.2.P1-11.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12390 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12390 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-2928/ SUSE CVE CVE-2022-2928 page https://www.suse.com/security/cve/CVE-2022-2929/ SUSE CVE CVE-2022-2929 page openSUSE Tumbleweed dhcp-4.4.2.P1-11.1 dhcp-client-4.4.2.P1-11.1 dhcp-devel-4.4.2.P1-11.1 dhcp-doc-4.4.2.P1-11.1 dhcp-relay-4.4.2.P1-11.1 dhcp-server-4.4.2.P1-11.1 dhcp-4.4.2.P1-11.1 as a component of openSUSE Tumbleweed dhcp-client-4.4.2.P1-11.1 as a component of openSUSE Tumbleweed dhcp-devel-4.4.2.P1-11.1 as a component of openSUSE Tumbleweed dhcp-doc-4.4.2.P1-11.1 as a component of openSUSE Tumbleweed dhcp-relay-4.4.2.P1-11.1 as a component of openSUSE Tumbleweed dhcp-server-4.4.2.P1-11.1 as a component of openSUSE Tumbleweed In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. CVE-2022-2928 openSUSE Tumbleweed:dhcp-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-client-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-devel-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-doc-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-relay-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-server-4.4.2.P1-11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2928.html CVE-2022-2928 https://bugzilla.suse.com/1203988 SUSE Bug 1203988 In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. CVE-2022-2929 openSUSE Tumbleweed:dhcp-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-client-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-devel-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-doc-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-relay-4.4.2.P1-11.1 openSUSE Tumbleweed:dhcp-server-4.4.2.P1-11.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2929.html CVE-2022-2929 https://bugzilla.suse.com/1203989 SUSE Bug 1203989