Several potential stack overflow vulnerabilities affect the ISC DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0.
The dhcp package provides the ISC Dynamic Host Configuration Protocol (DHCP) server and relay agent. DHCP is a protocol that allows devices to get their own network configuration information from a server.

The Internet Software Consortium has detected several potential vulnerabilities during an audit of the ISC DHCP server. These vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution.

Red Hat Linux 8.0 shipped with a version of DHCP that is vulnerable to these issues. All users of DHCP are advised to upgrade to the erratum packages, which contain a backported patch to correct these issues. Other versions of Red Hat Linux and Red Hat Linux Advanced Server are based on version 2 of DHCP and are therefore not vulnerable to these issues.