CVE-2019-6470

Name: CVE-2019-6470
Description: DHCPv6 server crashes regularly
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 896122

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| isc-dhcp (PTS) | jessie (security), jessie | 4.3.1-6+deb8u3 | vulnerable |
| | stretch (security), stretch | 4.3.5-3+deb9u1 | vulnerable |
| | bullseye, sid, buster | 4.4.1-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| isc-dhcp | source | (unstable) | 4.4.1-2 | | | 896122 |

Notes

[stretch] - isc-dhcp <ignored> (Issue triggerable only when built against bind >= 9.11.3)
[jessie] - isc-dhcp <ignored> (Issue triggerable only when built against bind >= 9.11.3)
https://bugs.isc.org/Public/Ticket/Display.html?id=48804
https://bugzilla.redhat.com/show_bug.cgi?id=1641246
https://bugs.launchpad.net/ubuntu/%2Bsource/isc-dhcp/%2Bbug/1781699
Issue is caused by https://gitlab.isc.org/wpk/bind9/commit/65a483106e45704e19781bfe4f4634db4f77562e
isc-dhcp builds against the system bind library, and the commit for upstream
issue 4829 was first introduced in 9.11.3+dfsg-1. The underlying issue
is only uncovered when built against versions >= 9.11.3.
