ALAS2-2018-963


Amazon Linux 2 Security Advisory: ALAS-2018-963
Advisory Release Date: 2018-02-21 21:24 Pacific
Severity: Medium
References: CVE-2017-3144 

Issue Overview:

Omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service
It was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.(CVE-2017-3144 )


Affected Packages:

dhcp


Issue Correction:
Run yum update dhcp to update your system.

New Packages:
src:
    dhcp-4.2.5-58.amzn2.1.2.src

x86_64:
    dhcp-4.2.5-58.amzn2.1.2.x86_64
    dhclient-4.2.5-58.amzn2.1.2.x86_64
    dhcp-common-4.2.5-58.amzn2.1.2.x86_64
    dhcp-libs-4.2.5-58.amzn2.1.2.x86_64
    dhcp-devel-4.2.5-58.amzn2.1.2.x86_64
    dhcp-debuginfo-4.2.5-58.amzn2.1.2.x86_64