Linux News Today: Pretty Nasty DHCP Vulnerabilty Closed in All Supported Ubuntu OSes
Canonical has published details about a DHCP vulnerability that has been found and repaired in Ubuntu 15.10, Ubuntu 15.04, Ubuntu 14.04 LTS, and Ubuntu 12.04.
Most of the security issues that are patched with this kind of updates don’t actually become public since they don’t normally qualify as important enough. Some of the ones that do become famous, like an OpenSSL exploit, for example, are actually already patched and closed when users find out about them.
A pretty nasty DHCP bug (Dynamic Host Configuration Profile), which could allow users to experience Denial-of-Service attacks, has been closed and the Ubuntu systems have already received the patch.
“Sebastian Poehn discovered that the DHCP server, client, and relay incorrectly handled certain malformed UDP packets. A remote attacker could use this issue to cause the DHCP server, client, or relay to stop responding, resulting in a denial of service,” reads the security notice.
For a more detailed description of the problems, you can see Canonical’s security notification. Users have been advised to upgrade their systems as soon as possible.
The flaws can be fixed if you upgrade your system to the latest isc-dhcp-relay package specific to each distribution. To apply the patch, users will have to run the Update Manager application. In general, a standard system update will make all the necessary changes, and a restart is not required.