Join the community today
Register Now

Security CentOS & Redhat 6 / 7 DHCP CVE-2018-1111 Security Vulnerability

Discussion in 'CentOS, Redhat & Oracle Linux News' started by eva2000, May 22, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    40,204
    8,892
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,704
    Local Time:
    3:37 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Folks on CentOS and Redhat 6 and 7 should do a yum update ASAP for DHCP CVE-2018-1111 security vulnerability CVE-2018-1111 - Red Hat Customer Portal
    Redhat 7 dhcp yum package update versions
    Code (Text):
    [B]x86_64[/B]
    dhclient-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: b0141bdb3e61ff2143a5e9a30a84c68e0e679c41fcd7428251bda8c48a912c4c
    dhcp-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: a6a9dc2006fab304d32a2fa53253c058f3ab71a6e4bd6c9a722d65595b411826
    dhcp-common-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: 4b2487d3fa84aeb26f4e8cd339ebc62ae91478ebb61649c01108da03498c37f2
    dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm SHA-256: c48fd0a2ed4809c5de725d4e95c685ce93287087894454554ceb089958f7c340
    dhcp-debuginfo-4.2.5-68.el7_5.1.i686.rpm SHA-256: c48fd0a2ed4809c5de725d4e95c685ce93287087894454554ceb089958f7c340
    dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: 7abef69e3e071063ce0eb5201b03d788f7cb2ceb8f064b9b4a02c99c56796e09
    dhcp-debuginfo-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: 7abef69e3e071063ce0eb5201b03d788f7cb2ceb8f064b9b4a02c99c56796e09
    dhcp-devel-4.2.5-68.el7_5.1.i686.rpm SHA-256: 7c2b9c2efb73f87c638d8857c99d628ed577fb25d9b4f239fb307116d8f188b3
    dhcp-devel-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: 1b23a6266370e68a88c88d52658ef0c97a08683932e020a24936056339612990
    dhcp-libs-4.2.5-68.el7_5.1.i686.rpm SHA-256: b8fdbed838cfc79bf4dc9cec64cbd9b920c081706a140507c90887f0405e03f9
    dhcp-libs-4.2.5-68.el7_5.1.x86_64.rpm SHA-256: 9177f2a9a107cbc1797fe70326813003d468b01facf0f01b1f4f2c0c936ab57c
    

    Redhat 6 dhcp yum package update versions
    Code (Text):
    [B]x86_64[/B]
    dhclient-4.1.1-53.P1.el6_9.4.x86_64.rpm SHA-256: c752193985d5b3fd565c1d1c58fe3a7639ca02a556e7ab047a5d782055755306
    dhcp-4.1.1-53.P1.el6_9.4.x86_64.rpm SHA-256: 2de6bee77bf7b0746ed36bf7e4aa7a2de3fc06cffcd753acdcbf00279b25b713
    dhcp-common-4.1.1-53.P1.el6_9.4.x86_64.rpm SHA-256: be69fe5e4ef3d08f98b670aba527f25e50734cb61af978d071932e9233ad542d
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.i686.rpm SHA-256: 0b544311fc657e042f891cfa966262db19645c926fb1bd74059b36c8f9c15e28
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
    dhcp-debuginfo-4.1.1-53.P1.el6_9.4.x86_64.rpm SHA-256: 99f850d116defd37af29eca4c88919a3d20583767d64d1a350d41388bcdd1477
    dhcp-devel-4.1.1-53.P1.el6_9.4.i686.rpm SHA-256: c31f53d92e0913868c3d37ec824babb4ea8d4a3f76a22c9e69cfda073e132334
    dhcp-devel-4.1.1-53.P1.el6_9.4.x86_64.rpm SHA-256: 92158f772a64b249fe7806a45ed92dce25467a7a4167a09c4fe1a017145e252c
    

     
    • Informative Informative x 2
  2. eva2000

    eva2000 Administrator Staff Member

    40,204
    8,892
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,704
    Local Time:
    3:37 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    CentOS 7
    Code (Text):
    yum -q list dhclient
    Installed Packages
    dhclient.x86_64     12:4.2.5-68.el7.centos    @base
    Available Packages
    dhclient.x86_64    12:4.2.5-68.el7.centos.1    updates
    

    Updating
    Code (Text):
    yum -y update
    

    recheck
    Code (Text):
    yum -q list dhclient | tr -s ' '
    Installed Packages
    dhclient.x86_64     12:4.2.5-68.el7.centos.1     @updates
    

    verify changelog 2nd item on the list dated April 24, 2018
    Code (Text):
    rpm -qa --changelog dhclient | head -n5
    * Tue May 15 2018 CentOS Sources <[email protected]> - 4.2.5-68.el7.centos.1
    - Roll in CentOS Branding
    
    * Tue Apr 24 2018 Pavel Zhukov <[email protected]> - 12:4.2.5-68.1
    - Resolves: #1570898 - Fix CVE-2018-1111: Do not parse backslash as escape character
    
     
    • Informative Informative x 3
  3. Jon Snow

    Jon Snow Active Member

    423
    64
    28
    Jun 30, 2017
    Ratings:
    +100
    Local Time:
    2:37 AM
    Nginx 1.13.9
    MariaDB 10.1.31
    Was this released today?

    This is what it says when exiting centmin:
    Code (Text):
    checking for YUM updates... please wait...
    no YUM updates available
     
  4. Meirami

    Meirami Member

    128
    15
    18
    Dec 21, 2017
    Ratings:
    +41
    Local Time:
    8:37 AM
    My openvz says it's not Installed.
    Code:
     yum -q list dhclient                          
    Available Packages                                                    
    dhclient.x86_64             12:4.2.5-68.el7.centos.1             updates
     
  5. eva2000

    eva2000 Administrator Staff Member

    40,204
    8,892
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,704
    Local Time:
    3:37 PM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    depends on your web host/vps setup some wouldn't use it some do so if you don't have it installed then just ignore

    @Jon Snow AFAIK was released around May 15th 2018 but like @Meirami your server may not have installed/used it for your web hosts config so can ignore.
     
    • Like Like x 2
..