dhcpcd: CVE-2014-6060

All Evolve OS users are advised to update their systems as soon as possible. A vulnerability exists in dhcpcd which allows a denial of service. We have backported the relevant fix to our version of dhcpcd to ensure minimal disruption whilst maintaining security,


A description from the National Vulnerability Database:


The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

To update your system, please issue the following command via the terminal:

sudo eopkg upgrade


Please note you will need to reboot for the change to take effect, as dhcpcd will be an active process if you are connected to a network.

Leave a reply

You must be logged in to post a comment.