Amazon Linux 1 Security Advisory: ALAS-2012-115
Advisory Release Date: 2012-08-03 15:56 Pacific
Advisory Updated Date: 2014-09-14 16:49 Pacific
FAQs regarding Amazon Linux ALAS/CVE Severity
A denial of service flaw was found in the way the dhcpd daemon handled zero-length client identifiers. A remote attacker could use this flaw to send a specially-crafted request to dhcpd, possibly causing it to enter an infinite loop and consume an excessive amount of CPU time. (CVE-2012-3571)
Two memory leak flaws were found in the dhcpd daemon. A remote attacker could use these flaws to cause dhcpd to exhaust all available memory by sending a large number of DHCP requests. (CVE-2012-3954)
Affected Packages:
dhcp
Issue Correction:
Run yum update dhcp to update your system.
i686:
dhcp-4.1.1-31.P1.17.amzn1.i686
dhcp-devel-4.1.1-31.P1.17.amzn1.i686
dhcp-debuginfo-4.1.1-31.P1.17.amzn1.i686
dhclient-4.1.1-31.P1.17.amzn1.i686
dhcp-common-4.1.1-31.P1.17.amzn1.i686
src:
dhcp-4.1.1-31.P1.17.amzn1.src
x86_64:
dhcp-common-4.1.1-31.P1.17.amzn1.x86_64
dhclient-4.1.1-31.P1.17.amzn1.x86_64
dhcp-devel-4.1.1-31.P1.17.amzn1.x86_64
dhcp-debuginfo-4.1.1-31.P1.17.amzn1.x86_64
dhcp-4.1.1-31.P1.17.amzn1.x86_64