Debian has notified vendor-sec of a security hole in dhcpcd: A malformed DHCP
packet can make the code read beyond the end of a buffer and therefore
potentially crash. There's no root execution exposure.
Created attachment 116105 [details]
Proposed patch for this issue
Public by Debian, removing embargo
Now fixed with dhcpcd-1.3.20pl0-2 .
Errata RHSA-2005:603-02 raised.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.