ELA-742-1 dhcpcd5 security update

latency attack

Version6.10.1-1+deb9u1 (stretch)
Related CVEs CVE-2019-11578 CVE-2019-11579

Several security vulnerabilities have been discovered in dhcpcd5, a DHCPv4 and DHCPv6 dual-stack client.


dhcp.c in dhcpcd contains a 1-byte read overflow with DHO_OPTSOVERLOADED.


auth.c in dhcpcd allowed attackers to infer secrets by performing latency attacks.

For Debian 9 stretch, these problems have been fixed in version 6.10.1-1+deb9u1.

We recommend that you upgrade your dhcpcd5 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.