aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorzi <zi@FreeBSD.org>2012-08-02 20:59:58 +0800
committerzi <zi@FreeBSD.org>2012-08-02 20:59:58 +0800
commit4f6cac0a50c00b130ed0eb1cdc51cc561ab79874 (patch)
treec865ada529c09da3cd8a9d793bbaccc1b36b129f /security
parent3d36312b7b952d77e6aed3d27e58c9be264ca07e (diff)
downloadfreebsd-ports-gnome-4f6cac0a50c00b130ed0eb1cdc51cc561ab79874.tar.gz
freebsd-ports-gnome-4f6cac0a50c00b130ed0eb1cdc51cc561ab79874.tar.zst
freebsd-ports-gnome-4f6cac0a50c00b130ed0eb1cdc51cc561ab79874.zip
- Cleanup whitespace
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml35
1 files changed, 19 insertions, 16 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index bafc12e2f1bd..bb51491e8c61 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -301,24 +301,27 @@ Note: Please add new entries to the beginning of this file.
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://www.isc.org/announcement/bind-and-dhcp-security-updates-released">
- <p>An unexpected client identifier parameter can cause the ISC DHCP daemon
- to segmentation fault when running in DHCPv6 mode, resulting in a denial
- of service to further client requests. In order to exploit this
- condition, an attacker must be able to send requests to the DHCP server.</p>
- <p>An error in the handling of malformed client identifiers can cause a DHCP
- server running affected versions (see "Impact") to enter a state where
- further client requests are not processed and the server process loops
- endlessly, consuming all available CPU cycles.
- Under normal circumstances this condition should not be triggered, but
- a non-conforming or malicious client could deliberately trigger it in a
- vulnerable server. In order to exploit this condition an attacker must
- be able to send requests to the DHCP server.</p>
+ <p>An unexpected client identifier parameter can cause the ISC DHCP
+ daemon to segmentation fault when running in DHCPv6 mode,
+ resulting in a denial of service to further client requests. In
+ order to exploit this condition, an attacker must be able to send
+ requests to the DHCP server.</p>
+ <p>An error in the handling of malformed client identifiers can cause
+ a DHCP server running affected versions (see "Impact") to enter a
+ state where further client requests are not processed and the
+ server process loops endlessly, consuming all available CPU
+ cycles.
+ Under normal circumstances this condition should not be
+ triggered, but a non-conforming or malicious client could
+ deliberately trigger it in a vulnerable server. In order to
+ exploit this condition an attacker must be able to send requests
+ to the DHCP server.</p>
<p>Two memory leaks have been found and fixed in ISC DHCP. Both are
reproducible when running in DHCPv6 mode (with the -6 command-line
- argument.) The first leak is confirmed to only affect servers operating
- in DHCPv6 mode, but based on initial code analysis the second may
- theoretically affect DHCPv4 servers (though this has not been
- demonstrated.)</p>
+ argument.) The first leak is confirmed to only affect servers
+ operating in DHCPv6 mode, but based on initial code analysis the
+ second may theoretically affect DHCPv4 servers (though this has
+ not been demonstrated.)</p>
</blockquote>
</body>
</description>