Bugzilla – Bug 675052
VUL-0: CVE-2011-0997: dhcp-client / dhcpcd: remote/local root hole via rogue hostname
Last modified: 2019-01-02 17:33:38 UTC
The issue is not public, keep inside SUSE. The main issue here is that a rogue DHCP Server can inject hostnames into the system with any character. $(id>>/tmp/foo) as hostname was possible in Sebastians tests. The characterset passed from the DHCP client to "hostname" should already be filtered for the valid characters. It is not clear which chars are valid. Wikipedia suggests [a-z0-9A-Z-] and perhaps _ -> Marius for DHCP
Yes, RFC conforming hostname (FQDN) is AFAIK "^[[:alnum:]]+([\\.-][[:alnum:]]+)*$" (plus length constrains). The "_" character is AFAIR not RFC conform, but we may add it to the set because some people try to use it... So this regex should be IMO OK: "^[[:alnum:]]+([\\.-_][[:alnum:]]+)*$" OK, to use it (check using a regex)? Added Peter as maintainer of dhcpcd.
After an update of dhcp client on 11.3, dhclient also accepts the hostname option. It escapes some characters but forgets |. On a SLE11-SP1 dhcpcd is accepting anything and somewhere in the boot scripts it already executes the commands, it is not necessary to login. On 11.3 dhcpcd also accepts anything. At best there is some whitelisting. We also need to check ip6, I dont know whether similar options exist there, but I think so.
Created attachment 416835 [details] First patch idea for dhcpcd (SLE-11) Until now ... it compiles, but I didn't tested yet if it already works :-) When you have some ideas how to make it better, please let me know.
Work in progress is in $IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP1:Update:Test/dhcpcd
For the record: Adam Jackson told me that on REL dhcp clients are patched for quite some time now.
(In reply to comment #5) > For the record: Adam Jackson told me that on REL dhcp clients are patched for > quite some time now. AFAIS they aren't -- at least not ISC dhcp. But ISC dhcp client escapes the shell meta chars (except of '|' as noted in comment 2).
Created attachment 417094 [details] First patch idea for ISC dhcp client (3.x as on SLE-11) Because ISC dhcp escapes shell meta characters already, I've just added to escape '|' character as well. Further, because I don't check all strings as in the dhcpcd patch, but only the strings we want to reject (hostname & Co) - we may add more options to this list (and verify to not discard too much in dhcpcd too). Other options will be escaped: The dhclient also allows to declare own options in the config, ... and in case of many it is difficult to know what the user exactly needs (e.g. in some file names). This patch is not complete yet -- it contains the dhclient changes only: I'll add also a check of the hostname in the DNS PTR lookup done in in dhclient-script... Please take a look and comment.
Created attachment 417112 [details] Patch for dhcpv6 (SLE11) The dhcpv6 client does not support anything else except of a domain search list. This patch should cause to ignore domains with suspect characters...
The v4 patch looks ok sofar, IMHO. But the DNS thingie is still needed. Will dhcpcd also set the hostname via DNS PTR if "require hostname" is not set in the config?
Created attachment 417876 [details] v2 -- Patch for dhcpcd (3.2.3, SLE-11 +) I've fixed to handle DHCP_NETBIOSNODETYPE values correctly and the DHCP_ROOTPATH to just check via isprint, because it is allowed to contain "every crap" by RFC. The ROOTPATH is written single quoted to the /var/lib/dhcpcd/*.info file. Making it too tight will break booting for many customers, so we should take care a lot here.
Comment on attachment 417112 [details] Patch for dhcpv6 (SLE11) This can be as it were. It does not support any other options except of domain search and server list.
Created attachment 417877 [details] v2 -- Patch for ISC dhclient (3.x as on SLE-11) Checks & rejects host- & domain names, anything else gets escaped anyway (now inclusive of the | character). Basically as in dhcpcd. All variables are passed via env to the dhclient-script.
Created attachment 417879 [details] v2 -- Patch for ISC dhclient (3.x as on SLE-11) - PTR lookup in dhclient-script
(In reply to comment #9) > The v4 patch looks ok sofar, IMHO. But the DNS thingie is still needed. Yes, now in dhclient-script patch in attachment 417879 [details]. > Will dhcpcd also set the hostname via DNS PTR if > "require hostname" is not set in the config? AFAIK it always requests the hostname (almost all options) and it can happen it will set it when the hostname is not set or set to "localhost" or "(none)": gethostname (curhostname, MAXHOSTNAMELEN); if (options->dohostname || strlen (curhostname) == 0 || strcmp (curhostname, "(none)") == 0 || strcmp (curhostname, "localhost") == 0) { ... if (! *newhostname || options->dohostname > 3) lookuphostname (newhostname, dhcp, options); ... if (*newhostname) { ... sethostname (newhostname, (int) strlen (newhostname)); In all above cases, when the dhcp server did not provide any, dhcpcd will make a DNS PTR lookup [the patch checks the result].
BTW: There is a bug with gethostname use: configure.c: curhostname = xmalloc (sizeof (char) * MAXHOSTNAMELEN); *curhostname = '\0'; gethostname (curhostname, MAXHOSTNAMELEN); dhcpcd.c: gethostname (options->hostname, sizeof (options->hostname)); gethostname does not terminate (allowed by POSIX), when the hostname ist longer than the 2nd arg: size_t i; char curhostname[15] = {'X','X','X','X','X','X','X','X','X','X','\0'}; gethostname(curhostname, 5); for(i=0;i<sizeof(curhostname); i++) printf("%02x ", curhostname[i]); printf("\n"); for(i=0;i<sizeof(curhostname) && curhostname[i]; i++) printf("%c ", curhostname[i]); printf("\n"); On my "xanthos" machine I get: 78 61 6e 74 68 58 58 58 58 58 00 00 00 00 00 x a n t h X X X X X
Created attachment 418575 [details] v3 -- Patch for dhcpcd 3.2.3 (SLE-11 .. 11.4) The version of the dhcpcd-3.x patch is the final one -- as I hope. It makes following changes: - Implemented length and character constrains for all strings, especially host and domain names (lists) inclusive of getaddrinfo (PTR lookup), gethostname results, the server name and for the root-path option. - hostname as list of [[:alnum:]_-] labels with 1..63 length separated by a [.] character with a total length of 1..255. The [-] and [-] are not allowed at the begin or end of a label. A final [.] is allowed. That is: "a" "a.b" "a.b." "a-_-b.c." are fine, "-a" or "a-.b" is not. - Limitted root-path to a [[:alnum:] ]+ string (with space) of any length and the following additional chars (inclusive backslash): #%+,-/.:@\_~ This disallows !"$&'()*;<=>?[]^`{|}) from the [:print:] class. This string is stored single quoted in the info file. => Please review these checks or we break e.g. iSCSI root systems !! Only hostname option is set directly via sethostname. All options are stored single quoted in the info file. The bootfile from dhcp message is ignored / never used anyway. - Forced \0 termination of hostname returned by gethostname as POSIX allows to not truncate it, when the name is longer than the buffer. Please review the and let me know if this is ok or not. I'm going to apply to internal build system: home:mtomaschewski:branches:openSUSE:11.2:Update:Test/dhcpcd home:mtomaschewski:branches:openSUSE:11.3:Update:Test/dhcpcd home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcpcd home:mtomaschewski:branches:SUSE:SLE-11-SP1:Update:Test/dhcpcd and to port it for dhcpcd-1.x on SLE-10 and the other dhcp clients.
Hannes, Marcus, would you take a look please at the root-path checks described above? Do we need to allow/disallow another characters here?
Created attachment 418582 [details] Test tool using the functions to check hostname / domain lists.
See comment 17.
the root-path limitations doesn't cause a problem on my system so to me it looks rock solid now :-)
Created attachment 418601 [details] v4 -- Patch for dhcpcd 3.2.3 (SLE-11 .. 11.4) Fixed a typo and missed stddef include
Created attachment 418637 [details] v4 -- Patch for ISC dhclient (3.x as on SLE-11)
Created attachment 418638 [details] v4 -- Patch for ISC dhclient (3.x as on SLE-11) - PTR lookup in dhclient-script
Created attachment 419598 [details] v5 -- Patch for dhcpcd 3.2.3 (SLE-11 .. 11.4) fixed to allow empty servername
CVE-2011-0997
MaintenanceTracker-39410
Created attachment 419688 [details] test case for dhcpcd in a 11.4 xen domU and server in xen dom0
The dhcpcd package in IBS/home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcpcd passed all the my/above tests. It contains the following fixes: - bnc#675052 - discard string options such as host and domain names containing disallowed characters or beeing too long. This proctive patch limits root-path to a-zA-Z0-9, #%+,-/.:@\_~ and space. - bnc#668194 - handle packets with xen partial UDP checksums - bnc#657402 - send renew messages as unicast directly to the server Peter, please let us know when it did not passed your tests. Maintenance & Security Team: Patch for bnc#657402 should IMO go to any dist with dhcpcd-3 [>sle10], patch for bnc#668194 needs a kernel marking partial checksum packages. Currently only the 11.4 kernel marks them correctly. OK so far? I'm going to finish (dhcpv6 in dhcp-4.x on >=11.3) & retest ISC dhclient tomorrow, then the dhcpcd option checks for dhcp6/dhcpcd-1.x on sles10.
Updated IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP1:Update:Test/dhcpcd note: bnc#672038 [L3 on sles11] == bnc#657402 [11.4]
We've were speaking about this issue with Ludwig and he pointed me to one issue that is not yet addressed: When the client sends a hostname to the dhcp server, the server may write it to DNS... It seems, we have to check also the hostname option, that the user passes to dhcp clients at start... It would IMO also make sense to reject crap in e.g. dhcp server and bind.
Created attachment 419743 [details] v6 -- Patch for dhcpcd 3.2.3 (SLE-11 .. 11.4) This patch addresses above issue disallowing invalid hostnames for -h argument (& gethostname as fallback) in dhcpcd. Updated: $IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP1:Update:Test/dhcpcd $IBS/home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcpcd
handle over to security team
We propose a CRD of 5th April.
Created attachment 420735 [details] v7 -- Patch for dhcpcd 3.2.3 (SLE-11 .. 11.4) fixed isalnum use in the patch as pointed out by Joerg Sonnenberger updated in IBS/home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcpcd IBS/home:mtomaschewski:branches:SUSE:SLE-11-SP1:Update:Test/dhcpcd
Created attachment 421714 [details] Patch for dhcpcd 1.3.x (SLE-10)
AFAIS, bnc#627617 is on the planned list for SP3 (see also bug 627617 comment 23 and 24), so I've applied it: +Wed Nov 17 17:32:39 UTC 2010 - mt@suse.de + +- Implemented optional ldap connect retry loop during the initial + startup of the dhcp server in cases where the ldap server is not + yet started. Set the ldap-init-retry <secs> option in dhcpd.conf + to enable it (bnc#627617). request from -> to [bnc#675052 + bnc#627617] 11335 home:mtomaschewski:branches:SUSE:SLE-10-SP3:Update:Test/dhcp -> SUSE:SLE-10-SP3:Update:Test There is no difference between the dhcp6 and dhcpcd packages on SP3 and SP4, so I've submitted them twice: request from -> to [bnc#675052] 11332 home:mtomaschewski:branches:SUSE:SLE-10-SP4:Update:Test/dhcp -> SUSE:SLE-10-SP4:Update:Test 11334 home:mtomaschewski:branches:SUSE:SLE-10-SP4:Update:Test/dhcp6 -> SUSE:SLE-10-SP3:Update:Test 11333 home:mtomaschewski:branches:SUSE:SLE-10-SP4:Update:Test/dhcp6 -> SUSE:SLE-10-SP4:Update:Test 11316 home:mtomaschewski:branches:SUSE:SLE-10-SP4:Update:Test/dhcpcd -> SUSE:SLE-10-SP4:Update:Test 11315 home:mtomaschewski:branches:SUSE:SLE-10-SP4:Update:Test/dhcpcd -> SUSE:SLE-10-SP3:Update:Test This should be OK, isn't it?
Created attachment 421996 [details] Patch for dhcp6 (SLE-10)
Created attachment 421999 [details] Patch for ISC dhcp-3.0.7 (SLE-10)
If there is no difference then it should be OK, from my perspective. (if the .changelog etc is also SLE-version agnostic) So we need SLE11 (SLES9 probably?) and boxes.
SLES-9: I didn't looked yet. Hope, the SLE-10 patches apply here. SLE-10: done & submitted SLE-11: [ISC dhcp & dhcpcd] there is an open question in: https://bugzilla.novell.com/show_bug.cgi?id=668194#c37 11.4: [ISC dhcp] there is an still unfixed 100% CPU bug: https://bugzilla.novell.com/show_bug.cgi?id=680298 I'm committing & submitting dhcpv6 packages currently.
Created attachment 422465 [details] DHCP fix submit overview
Created attachment 422537 [details] DHCP fix submit request overview
All sles packages are IMO submitted (see comment 42), box is in: home:mtomaschewski:branches:openSUSE:11.2:Update:Test/dhcpv6 home:mtomaschewski:branches:openSUSE:11.2:Update:Test/dhcpcd home:mtomaschewski:branches:openSUSE:11.2:Update:Test/dhcp home:mtomaschewski:branches:openSUSE:11.3:Update:Test/dhcpv6 home:mtomaschewski:branches:openSUSE:11.3:Update:Test/dhcpcd home:mtomaschewski:branches:openSUSE:11.3:Update:Test/dhcp home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcpv6 home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcpcd home:mtomaschewski:branches:openSUSE:11.4:Update:Test/dhcp Peter merges 11.2 dhcpcd...
In _IBS_ of course...
ISC has released 4.2.1-P1 addressing CVE-2011-0997 (bnc#675052), see http://ftp.isc.org/isc/dhcp/dhcp-4.2.1-P1-RELNOTES [...] Changes since 4.2.1 ! In dhclient check the data for some string options for reasonableness before passing it along to the script that interfaces with the OS. [ISC-Bugs #23722] CVE: CVE-2011-0997 [...]
This bug (675052) was mentioned in https://build.opensuse.org/request/show/66197 https://build.opensuse.org/request/show/66199 https://build.opensuse.org/request/show/66202 https://build.opensuse.org/request/show/66203 https://build.opensuse.org/request/show/66204 https://build.opensuse.org/request/show/66205 Time to make bug this public?
Created attachment 423400 [details] Patch for dhcpcd 3.2.3 (SLE-11, 11.2 .. 11.4)
Created attachment 423401 [details] Patch for ISC dhclient (3.1-ESV on SLE-11)
Update released for: dhcpcd, dhcpcd-debuginfo Products: SLE-DESKTOP 10-SP3 (i386, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Update released for: dhcpcd, dhcpcd-debuginfo Products: SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
We might have a regression in parsing the DNSDOMAIN answer from dhcp servers. We see this in all related maintenance updates under swamp (39410) from SLES9 to SLE11SP1: before: riker:~ # dhcpcd-test eth0 | grep DOMAIN DNSDOMAIN='suse.de arch.suse.de nue.novell.com' NISDOMAIN='suse.de' after: riker:~ # dhcpcd-test eth0 | grep DOMAIN NISDOMAIN='suse.de' /var/log/messages: Apr 6 14:33:13 riker dhcpcd[26124]: suspect value in option DNSDOMAIN - discarded
summary. Having a list in dnsdomain is not standard, but was used to get a list of domains in the search list of resolv.conf. older distros might not evaluate the SEARCH record yet. We will be contacting ISC to report this and also likely respin all dhcp patches (pending ISC review) to allow DNSDOMAIN record be a list for now. :/
Created attachment 423457 [details] domain-name regression mail sent upstream
Created attachment 423458 [details] Patch for ISC dhcp-4.2.x to accept a list in domain-name option The verbose variant does this: + case DHO_DOMAIN_NAME: /* accept a list for compatibiliy */ + if( check_domain_name_list(ptr, len, 0) == 0) { + if(strchr(ptr, ' ') != NULL) { + log_debug("domain-name provides a domain list; " + "update server to use domain-search"); + } + return(0); + } + return(-1); + break; but may effectively cause many log lines... I think it is better to document it only, isn't it?
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-DESKTOP 10-SP4 (i386, x86_64) SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
While testing the maintenance update Products: SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64), Novell-Linux-POS 9 (i386), Open-Enterprise-Server 9 (i386) Category: security YOU Patch No: 12696 MD5 sum: ad848aa99325481552899b84d0f82433 SUBSWAMPID: 39923 Packager: mt@novell.com Packages: dhcpcd >= 1.3.22pl4-193.17 I noticed a critical side effect of what I described in comment 51: The resolv.conf written by /sbin/modify_resolvconf (I guess it takes it input from the dhcp client) has some non-ascii characters in the search list like search �@�@
Created attachment 423470 [details] affected /etc/resolv.conf
(In reply to comment #56) Seems to be this bug, that is independend of the check: if ( DhcpOptions.len[domainName] ) NewSearchlist = malloc(strlen(OldSearchlist) + 2 + strlen((char *)DhcpOptions.val[domainName]) ); else NewSearchlist = malloc(strlen(OldSearchlist) + 2); + NewSearchlist[0] = 0; but I have to verify it... When there (is no resolv.conf and also) no DOMAIN from dhcp -> #c56.
OK, now in IBS sr 11443. SLE-10 does not have this problem. Please test.
ping! updated dhcpcd for openSUSE still missing!
Update released for: dhcp, dhcp-client, dhcp-client-debuginfo, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-doc, dhcp-relay, dhcp-relay-debuginfo, dhcp-server, dhcp-server-debuginfo Products: openSUSE 11.4 (debug, i586, x86_64)
Update released for: dhcp, dhcp-client, dhcp-client-debuginfo, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-doc, dhcp-relay, dhcp-relay-debuginfo, dhcp-server, dhcp-server-debuginfo Products: openSUSE 11.2 (debug, i586, x86_64) openSUSE 11.3 (debug, i586, x86_64)
Update released for: dhcpcd Products: Novell-Linux-POS 9 (i386) Open-Enterprise-Server 9 (i386) SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-debugsource, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: dhcp, dhcp-client, dhcp-devel, dhcp-relay, dhcp-server Products: Novell-Linux-POS 9 (i386) Open-Enterprise-Server 9 (i386) SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
Update released for: dhcpcd, dhcpcd-debuginfo, dhcpcd-debugsource Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
(In reply to comment #64) > ping! updated dhcpcd for openSUSE still missing! Allready done: SR 66414 & 66233 And now I've created 66606
11.3 doesn't use the updated patch to allow spaces in DHCP_DNSDOMAIN.
created request id 66795
Update released for: dhcpv6, dhcpv6-debuginfo, dhcpv6-debugsource, libdhcp6client-1_0-2, libdhcp6client-devel Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: dhcp, dhcp-client, dhcp-debuginfo, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP3 (i386, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
Update released for: dhcpcd, dhcpcd-debuginfo, dhcpcd-debugsource Products: openSUSE 11.3 (debug, i586, x86_64)
Update released for: dhcpcd, dhcpcd-debuginfo, dhcpcd-debugsource Products: openSUSE 11.4 (debug, i586, x86_64)
Update released for: dhcpcd, dhcpcd-debuginfo, dhcpcd-debugsource Products: openSUSE 11.2 (debug, i586, x86_64)
Update released for: dhcp6, dhcp6-debuginfo Products: SLE-SDK 10-SP4 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP4 (i386, ia64, ppc, s390x, x86_64)
Created attachment 425175 [details] fix for regression A regression in the latest maintenance update - the sip value may be NULL and shouldn't be blindly passed to strlen()
11569 State:new By:mtomaschewski When:2011-04-15T16:10:20 submit: home:mtomaschewski:branches:SUSE:SLE-11-SP1:Update:Test/dhcpcd -> SUSE:SLE-11-SP1:Update:Test Descr: bug#687850: sip check regression for bnc#675052
wow, that was a mean one. Did you check whether the other places could crash in a similar way?
I didn't look very closely, but the things I looked at seemed to test for NULL correctly, so I think this was the only one. At least in that patch
I've submitted dhcpcd with the sip option fix for 11.2 .. 11.4 as well: request ids 67845,67846,67847.
Marius, this issue also qualifies for an LTSS updates due to its severity. can you submit: - dhcp, dhcp6, dhcpcd also against /work/SRC/old-versions/10.1/SLE-SP2/all for sles10 sp2 ltss?
As it is just a difference this fix, done for: - Request #11745: SUSE:SLE-10-SP4:Update:Test/dhcp6 -> SUSE:SLE-10-SP2:Update:Test/dhcp6 - Request #11746: SUSE:SLE-10-SP4:Update:Test/dhcpcd -> SUSE:SLE-10-SP2:Update:Test/dhcpcd [ISC] dhcp needs a closer look / merges.
Update released for: dhcp6, dhcp6-debuginfo Products: SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3-TERADATA (x86_64)
The sles9 ia64 crash from #c76 is likely caused by someone else writing resolv.conf while dhcp6c is trying to read it. the changing size confuses glibc and gives that crash / backtrace. As i checked sinope, both dhcp-client and dhcpcd were running, which makes this likely. Try retest without any other dhcp client running.
This is an autogenerated message for OBS integration: This bug (675052) was mentioned in https://build.opensuse.org/request/show/66213 https://build.opensuse.org/request/show/66216 https://build.opensuse.org/request/show/66233 https://build.opensuse.org/request/show/66388 https://build.opensuse.org/request/show/66389 https://build.opensuse.org/request/show/66390 https://build.opensuse.org/request/show/66393 https://build.opensuse.org/request/show/66396 https://build.opensuse.org/request/show/66414 https://build.opensuse.org/request/show/66606 https://build.opensuse.org/request/show/66795 https://build.opensuse.org/request/show/67845 https://build.opensuse.org/request/show/67846 https://build.opensuse.org/request/show/67847
Update released for: dhcp6, dhcpcd Products: SLE-SERVER 10-SP2-LTSS (i386, s390x, x86_64)
Update released for: dhcp6 Products: Novell-Linux-POS 9 (i386) Open-Enterprise-Server 9 (i386) SUSE-CORE 9 (i386, ia64, ppc, s390, s390x, x86_64)
nearly all done (but sle10 sp2 ltss dhcp)
*** Bug 689182 has been marked as a duplicate of this bug. ***
Update released for: dhcp, dhcp-client, dhcp-devel, dhcp-relay, dhcp-server Products: SLE-SERVER 10-SP2-LTSS (i386, s390x, x86_64)