OK so are those the only ones you know of? I am going to patch but just wondering about this category of attack in a more general sense so want to make sure I understand the scope of this particular one.
So say I have a server that is running a VPN (tinc). Then another system is connected to that same VPN network. Are you saying that by running a DHCP server on the second system, my server could be compromised?
It's impossible to enumerate all evil. There's no way of knowing what else is vulnerable until it's demonstrated to be vulnerable. I've commented elsewhere, though, describing what types of function calls and programs are likely to be vulnerable.
So say I have a server that is running a VPN (tinc). Then another system is connected to that same VPN network. Are you saying that by running a DHCP server on the second system, my server could be compromised?