News

=========================================================== Ubuntu Security Notice USN-531-1 October 22, 2007 dhcp vulnerability CVE-2007-5365 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: dhcp 2.0pl5-19.4ubuntu0.1 Ubuntu 6.10: dhcp 2.0pl5-19.4ubuntu1.1 Ubuntu 7.04: dhcp 2.0pl5-19.5ubuntu2.1 Ubuntu 7.10: dhcp 2.0pl5dfsg1-20ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Nahuel Riva and Gerardo Richarte discovered that the DHCP server did not correctly handle certain client options. A remote attacker could send malicious DHCP replies to the server and execute arbitrary code.