Debian Security Advisory DSA 219-1 (dhcpcd)

Summary
The remote host is missing an update to dhcpcd announced via advisory DSA 219-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20219-1
Insight
Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server. This problem has been fixed in version 1.3.17pl2-8.1 for the old stable distribution (potato) and in version 1.3.22pl2-2 for the testing (sarge) and unstable (sid) distributions. The current stable distribution (woody) does not contain a dhcpcd package. We recommend that you upgrade your dhcpcd package (on the client