Published: 27 November 2019
An issue was discovered in dhclient 4.3.1-6 due to an embedded path variable.
CVSS 3 base score: 8.1
In Ubuntu, the build directory is set to PATH=/build/buildd/isc-dhcp-4.2.4/debian/tmp/usr/sbin. since it is a top-level directory, the attacker would need to be root to exploit this. Also, USN-1571-1 sets an explicit PATH in dhclient-script, so it's likely we're not vulnerable at all.