Omapi code doesn’t free socket descriptors when empty message is received allowing denial-of-serviceIt was found that the DHCP daemon did not properly clean up closed OMAPI connections in certain cases. A remote attacker able to connect to the OMAPI port could use this flaw to exhaust file descriptors in the DHCP daemon, leading to a denial of service in the OMAPI functionality.(CVE-2017-3144 )
Allows unauthorized disclosure of information; allows unauthorized modification; allows disruption of service.
Please refer to Amazon advisory ALAS-2018-963 for affected packages and patching details, or update with your package manager.
Following are links for downloading patches to fix the vulnerabilities: