[SECURITY] [DLA 2097-1] ppp security update



Package        : ppp
Version        : 2.4.6-3.1+deb8u1
CVE ID         : CVE-2020-8597
Debian Bug     : 950618

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,
the Point-to-Point Protocol daemon. When receiving an EAP Request
message in client mode, an attacker was able to overflow the rhostname
array by providing a very long name. This issue is also mitigated by
Debian's hardening build flags.
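
The class of bug described above, shown from the defensive side as an added example; it is not pppd's code or the Debian patch. The body layout (one length byte, a value, then the peer name filling the rest), RHOST_CAP and both function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define RHOST_CAP 256  /* assumed capacity of the destination name buffer */

/* Parse a request body assumed to be: 1 length byte, that many value bytes,
 * then the peer name filling the rest. Stores the name NUL-terminated in
 * rhostname, truncating to cap - 1. Returns stored length, -1 if malformed.
 * The unsafe pattern is the same memcpy with name_len taken straight from
 * the packet and never compared with cap. */
static int parse_request_name(const unsigned char *body, size_t len,
                              char *rhostname, size_t cap)
{
    size_t vallen, name_len;

    if (body == NULL || rhostname == NULL || cap == 0 || len < 1)
        return -1;
    vallen = body[0];
    if (vallen > len - 1)          /* value claims more bytes than arrived */
        return -1;
    name_len = len - 1 - vallen;   /* peer-controlled via packet length */
    if (name_len >= cap)           /* clamp before copying, keep room for NUL */
        name_len = cap - 1;
    memcpy(rhostname, body + 1 + vallen, name_len);
    rhostname[name_len] = '\0';
    return (int)name_len;
}

/* Constructed input: 4-byte value followed by a 600-byte name. Returns the
 * stored length, or -2 if the byte after the buffer was touched. */
static int demo_oversized_name(void)
{
    unsigned char body[1 + 4 + 600];
    struct { char rhostname[RHOST_CAP]; unsigned char canary; } st;

    body[0] = 4;
    memset(body + 1, 0xAA, 4);
    memset(body + 5, 'A', 600);
    st.canary = 0x5C;
    int n = parse_request_name(body, sizeof body, st.rhostname,
                               sizeof st.rhostname);
    return st.canary == 0x5C ? n : -2;
}

int main(void)
{
    printf("stored %d of 600 name bytes\n", demo_oversized_name());
    return 0;
}
```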

For Debian 8 "Jessie", this problem has been fixed in version
2.4.6-3.1+deb8u1.

We recommend that you upgrade your ppp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS