Candidate: CVE-2016-1503
PublicDate: 2016-04-18 00:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1503
 http://roy.marples.name/projects/dhcpcd/info/76a1609352263bd9def1300d7ba990679571fa30
Description:
 dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before
 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products,
 mismanages option lengths, which allows remote attackers to execute
 arbitrary code or cause a denial of service (heap-based buffer overflow)
 via a malformed DHCP response, aka internal bug 26461634.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_dhcpcd5:
upstream_dhcpcd5: released (6.10.1-1)
precise_dhcpcd5: ignored (reached end-of-life)
precise/esm_dhcpcd5: DNE (precise was needed)
trusty_dhcpcd5: ignored (reached end-of-life)
trusty/esm_dhcpcd5: DNE (trusty was needed)
vivid_dhcpcd5: ignored (reached end-of-life)
vivid/stable-phone-overlay_dhcpcd5: DNE
vivid/ubuntu-core_dhcpcd5: DNE
wily_dhcpcd5: ignored (reached end-of-life)
xenial_dhcpcd5: not-affected (6.10.1-1)
yakkety_dhcpcd5: not-affected (6.10.1-1)
zesty_dhcpcd5: not-affected (6.10.1-1)
artful_dhcpcd5: not-affected (6.10.1-1)
bionic_dhcpcd5: not-affected (6.10.1-1)
cosmic_dhcpcd5: not-affected (6.10.1-1)
disco_dhcpcd5: not-affected (6.10.1-1)
devel_dhcpcd5: not-affected (6.10.1-1)

Patches_dhcpcd:
upstream_dhcpcd: needs-triage
precise_dhcpcd: ignored (reached end-of-life)
precise/esm_dhcpcd: DNE (precise was needed)
trusty_dhcpcd: ignored (reached end-of-life)
trusty/esm_dhcpcd: DNE (trusty was needed)
vivid_dhcpcd: ignored (reached end-of-life)
vivid/stable-phone-overlay_dhcpcd: DNE
vivid/ubuntu-core_dhcpcd: DNE
wily_dhcpcd: DNE
xenial_dhcpcd: DNE
yakkety_dhcpcd: DNE
zesty_dhcpcd: DNE
artful_dhcpcd: DNE
bionic_dhcpcd: DNE
cosmic_dhcpcd: DNE
disco_dhcpcd: DNE
devel_dhcpcd: DNE