Package        : ppp
Version        : 2.4.6-3.1+deb8u1
CVE ID         : CVE-2020-8597
Debian Bug     : 950618

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp, the Point-to-Point Protocol daemon. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name. This issue is also mitigated by Debian's hardening build flags.

For Debian 8 "Jessie", this problem has been fixed in version 2.4.6-3.1+deb8u1.

We recommend that you upgrade your ppp packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
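
As an added illustration (not pppd's code and not part of the advisory), here is a bounds-checked copy of the trailing name field of an EAP Request into a fixed-size rhostname buffer. The MD5-Challenge message layout from RFC 3748, the 256-byte MAXNAMELEN and the function name eap_copy_peer_name are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EAP_REQUEST   1    /* EAP Code: Request (RFC 3748) */
#define EAP_TYPE_MD5  4    /* EAP Type: MD5-Challenge */
#define MAXNAMELEN    256  /* assumed size of the fixed name buffer */

/* Copy the peer name that follows the challenge value into rhostname.
 * Returns the number of name bytes stored (truncated to fit) or -1 if malformed. */
int eap_copy_peer_name(const uint8_t *pkt, size_t pktlen, char rhostname[MAXNAMELEN])
{
    size_t eaplen, vallen, namelen;

    if (pktlen < 6 || pkt[0] != EAP_REQUEST || pkt[4] != EAP_TYPE_MD5)
        return -1;                           /* need header(4) + type(1) + value-size(1) */
    eaplen = ((size_t)pkt[2] << 8) | pkt[3]; /* Length covers the whole EAP packet */
    if (eaplen < 6 || eaplen > pktlen)       /* never trust Length beyond received bytes */
        return -1;
    vallen = pkt[5];
    if (vallen > eaplen - 6)                 /* challenge value must fit in the packet */
        return -1;

    /* The name is whatever follows the value: compare ITS length to the buffer. */
    namelen = eaplen - 6 - vallen;
    if (namelen >= MAXNAMELEN)
        namelen = MAXNAMELEN - 1;            /* truncate, leaving room for the NUL */
    memcpy(rhostname, pkt + 6 + vallen, namelen);
    rhostname[namelen] = '\0';
    return (int)namelen;
}

int main(void)
{
    /* Constructed sample: 16-byte challenge value followed by a 400-byte name. */
    uint8_t pkt[6 + 16 + 400];
    char rhostname[MAXNAMELEN];
    memset(pkt, 'A', sizeof pkt);
    pkt[0] = EAP_REQUEST; pkt[1] = 1;
    pkt[2] = (uint8_t)(sizeof pkt >> 8); pkt[3] = (uint8_t)(sizeof pkt & 0xff);
    pkt[4] = EAP_TYPE_MD5; pkt[5] = 16;
    printf("%d name bytes stored\n", eap_copy_peer_name(pkt, sizeof pkt, rhostname));
    return 0;
}
```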