microsoft · azurelinux-security · Jun 29, 2026
@@ -0,0 +1,85 @@
+From eda8207c979883bf3d55601e5f91e4147f1641e3 Mon Sep 17 00:00:00 2001
+From: AllSpark <allspark@microsoft.com>
+Date: Mon, 29 Jun 2026 14:28:23 +0000
+Subject: [PATCH] DHCPv6: When deprecating addresses, restart on prefix
+ deletions
+
+Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
+Upstream-reference: AI Backport of https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25.patch
+---
+ src/dhcp6.c | 21 ++++++++++++++++++---
+ 1 file changed, 18 insertions(+), 3 deletions(-)
+
+diff --git a/src/dhcp6.c b/src/dhcp6.c
+index 8dc42d9..64b66d3 100644
+--- a/src/dhcp6.c
++++ b/src/dhcp6.c
+@@ -2507,12 +2507,13 @@ dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l,
+ }
+
+ #ifndef SMALL
+-static void
++static bool
+ dhcp6_deprecatedele(struct ipv6_addr *ia)
+ {
+ 	struct ipv6_addr *da, *dan, *dda;
+ 	struct timespec now;
+ 	struct dhcp6_state *state;
++	bool freed = false;
+
+ 	timespecclear(&now);
+ 	TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) {
+@@ -2538,11 +2539,14 @@ dhcp6_deprecatedele(struct ipv6_addr *ia)
+ 			if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr))
+ 				break;
+ 		}
+-		if (dda != NULL) {
++		if (dda != ia && dda != NULL) {
+ 			TAILQ_REMOVE(&state->addrs, dda, next);
+ 			ipv6_freeaddr(dda);
++			freed = true;
+ 		}
+ 	}
++
++	return freed;
+ }
+ #endif
+
+@@ -2550,7 +2554,11 @@ static void
+ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ {
+ 	struct ipv6_addr *ia, *ian;
++#ifndef SMALL
++	bool again;
++#endif
+
++again:
+ 	TAILQ_FOREACH_SAFE(ia, addrs, next, ian) {
+ 		if (ia->flags & IPV6_AF_EXTENDED)
+ 			;
+@@ -2572,7 +2580,9 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ 		/* If we delegated from this prefix, deprecate or remove
+ 		 * the delegations. */
+ 		if (ia->flags & IPV6_AF_DELEGATEDPFX)
+-			dhcp6_deprecatedele(ia);
++			again = dhcp6_deprecatedele(ia);
++		else
++			again = false;
+ #endif
+
+ 		if (ia->flags & IPV6_AF_REQUEST) {
+@@ -2585,6 +2595,11 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs)
+ 		if (ia->flags & IPV6_AF_EXTENDED)
+ 			ipv6_deleteaddr(ia);
+ 		ipv6_freeaddr(ia);
++#ifndef SMALL
++		/* Deletion may invalidate the next pointer so restart */
++		if (again)
++			goto again;
++#endif
+ 	}
+ }
+
+-- 
+2.45.4
+
@@ -1,7 +1,7 @@
 Summary:        A minimalistic network configuration daemon with DHCPv4, rdisc and DHCPv6 support
 Name:           dhcpcd
 Version:        10.0.8
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD-2-Clause AND ISC AND MIT
 Url:            https://github.com/NetworkConfiguration/%{name}
 Source0:        https://github.com/NetworkConfiguration/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -11,6 +11,7 @@ Source3:        systemd-sysusers.conf
 Patch0:         CVE-2026-56114.patch
 Patch1:         CVE-2026-56116.patch
 Patch2:         CVE-2026-56117.patch
+Patch3:         CVE-2026-56113.patch
 Group:          System Environment/Base
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@@ -78,6 +79,9 @@ install -d %{buildroot}%{_sharedstatedir}/%{_name}
 %{_sharedstatedir}/%{name}
 
 %changelog
+* Mon Jun 29 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 10.0.8-3
+- Patch for CVE-2026-56113
+
 * Sat Jun 27 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 10.0.8-2
 - Patch for CVE-2026-56117, CVE-2026-56116, CVE-2026-56114