Package: release.debian.org User: release.debian....@packages.debian.org Usertags: unblock
Please unblock ppp/2.4.6-3.1. It fixes a DoS vulnerability in the pppd radius plugin. Thanks, ema diff -Nru ppp-2.4.6/debian/changelog ppp-2.4.6/debian/changelog --- ppp-2.4.6/debian/changelog 2014-10-19 11:56:12.000000000 +0200 +++ ppp-2.4.6/debian/changelog 2015-04-14 08:29:42.000000000 +0200 @@ -1,3 +1,16 @@ +ppp (2.4.6-3.1) unstable; urgency=high + + * Non-maintainer upload. + * Urgency high due to fix for DoS vulnerability. + * Fix buffer overflow in rc_mksid(). + The function converts the PID of pppd to hex to generate a pseudo-unique + string. If the process id is bigger than 65535 (FFFF), its hex + representation will be longer than 4 characters, resulting in a buffer + overflow. This bug can be exploited to cause a remote DoS. + (Closes: #782450) + + -- Emanuele Rocca <e...@debian.org> Tue, 14 Apr 2015 08:18:06 +0200 + ppp (2.4.6-3) unstable; urgency=high * Urgency high due to fix for CVE-2014-3158. diff -Nru ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow --- ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow 1970-01-01 01:00:00.000000000 +0100 +++ ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow 2015-04-14 08:27:53.000000000 +0200 @@ -0,0 +1,23 @@ +Description: Fix buffer overflow in rc_mksid() + rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string. + . + If the process id is bigger than 65535 (FFFF), its hex representation will be + longer than 4 characters, resulting in a buffer overflow. + . + The bug can be exploited to cause a remote DoS. + . +Author: Emanuele Rocca <e...@debian.org> +Bug-Debian: https://bugs.debian.org/782450 +Last-Update: <2015-04-14> + +--- ppp-2.4.6.orig/pppd/plugins/radius/util.c ++++ ppp-2.4.6/pppd/plugins/radius/util.c +@@ -77,7 +77,7 @@ rc_mksid (void) + static unsigned short int cnt = 0; + sprintf (buf, "%08lX%04X%02hX", + (unsigned long int) time (NULL), +- (unsigned int) getpid (), ++ (unsigned int) getpid () % 65535, + cnt & 0xFF); + cnt++; + return buf; diff -Nru ppp-2.4.6/debian/patches/series ppp-2.4.6/debian/patches/series --- ppp-2.4.6/debian/patches/series 2014-10-19 11:49:55.000000000 +0200 +++ ppp-2.4.6/debian/patches/series 2015-04-14 08:17:39.000000000 +0200 @@ -43,3 +43,4 @@ resolv.conf_no_log zzz_config secure-card-interpreter-fix +rc_mksid-no-buffer-overflow -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org