Bug 1134078 – VUL-1: CVE-2019-6470: dhcp: DHCPv6 server crashes regularly

Bug 1134078 - (CVE-2019-6470) VUL-1: CVE-2019-6470: dhcp: DHCPv6 server crashes regularly

(CVE-2019-6470)
Summary:	VUL-1: CVE-2019-6470: dhcp: DHCPv6 server crashes regularly

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Minor
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/232156/
Whiteboard:	CVSSv2:NVD:CVE-2019-6470:5.0:(AV:N/AC...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2019-05-03 15:02 UTC by Marcus Meissner
Modified:	2020-05-12 14:36 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
46719.v4_3.diff (7.56 KB, patch) 2019-05-03 15:05 UTC, Marcus Meissner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2019-05-03 15:02:31 UTC

CVE-2019-6470

https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-6470.html
https://bugs.launchpad.net/ubuntu/%2Bsource/isc-dhcp/%2Bbug/1781699


Jul 14 09:35:53 <hostname> sh[1543]: ../../../lib/isc/heap.c:251: REQUIRE(idx >= 1 && idx <= heap->last) failed, back trace

Comment 1 Marcus Meissner 2019-05-03 15:05:46 UTC

Created attachment 804145 [details]
46719.v4_3.diff

46719.v4_3.diff

Comment 3 Swamp Workflow Management 2019-10-14 19:53:06 UTC

SUSE-SU-2019:2657-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1089524,1134078,1136572
CVE References: CVE-2019-6470
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP1 (src):    dhcp-4.3.5-6.3.1
SUSE Linux Enterprise Module for Server Applications 15 (src):    dhcp-4.3.5-6.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    dhcp-4.3.5-6.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    dhcp-4.3.5-6.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    dhcp-4.3.5-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    dhcp-4.3.5-6.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 4 Swamp Workflow Management 2019-10-20 04:11:20 UTC

openSUSE-SU-2019:2341-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1089524,1134078,1136572
CVE References: CVE-2019-6470
Sources used:
openSUSE Leap 15.1 (src):    dhcp-4.3.5-lp151.6.3.1

Comment 5 Swamp Workflow Management 2019-10-20 04:12:04 UTC

openSUSE-SU-2019:2340-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1089524,1134078,1136572
CVE References: CVE-2019-6470
Sources used:
openSUSE Leap 15.0 (src):    dhcp-4.3.5-lp150.5.3.1

Comment 6 Swamp Workflow Management 2019-10-21 16:12:48 UTC

SUSE-SU-2019:2727-1: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1089524,1134078,1136572
CVE References: CVE-2019-6470
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    dhcp-4.3.3-10.19.1
SUSE Linux Enterprise Server 12-SP4 (src):    dhcp-4.3.3-10.19.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    dhcp-4.3.3-10.19.1
SUSE CaaS Platform 3.0 (src):    dhcp-4.3.3-10.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 7 Swamp Workflow Management 2019-11-13 01:09:02 UTC

SUSE-SU-2019:2727-2: An update that solves one vulnerability and has two fixes is now available.

Category: security (moderate)
Bug References: 1089524,1134078,1136572
CVE References: CVE-2019-6470
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    dhcp-4.3.3-10.19.1
SUSE Linux Enterprise Server 12-SP5 (src):    dhcp-4.3.3-10.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 8 Alexandros Toptsoglou 2020-05-12 14:36:23 UTC

Done