A ppp security update has been released for Debian GNU/Linux 8 LTS to address a buffer overflow vulnerability.

Package : ppp
Version : 2.4.6-3.1+deb8u1
CVE ID : CVE-2020-8597
Debian Bug : 950618

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,
the Point-to-Point Protocol daemon. When receiving an EAP Request
message in client mode, an attacker was able to overflow the rhostname
array by providing a very long name. This issue is also mitigated by
Debian's hardening build flags.
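
The length validation that keeps a peer-supplied name inside a fixed-size buffer, shown as an added example (not pppd's code and not part of the advisory). It parses one EAP request type that carries a name, MD5-Challenge as laid out in RFC 3748; the function names, the 256-byte buffer size and the sample packet are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RHOSTNAME_MAX 256  /* assumed buffer size for this example */
#define EAP_REQUEST   1    /* EAP Code: Request */
#define EAP_TYPE_MD5  4    /* EAP Type: MD5-Challenge */

/* Copy the Name field of an EAP MD5-Challenge Request into dst.
 * Layout: Code(1) Id(1) Length(2) Type(1) Value-Size(1) Value Name.
 * Returns the name length, or -1 if the packet is malformed or the
 * name plus its terminating NUL does not fit in dst. */
int eap_copy_peer_name(const uint8_t *pkt, size_t pktlen, char *dst, size_t dstsize)
{
    if (pkt == NULL || dst == NULL || dstsize == 0 || pktlen < 6)
        return -1;
    size_t eaplen = ((size_t)pkt[2] << 8) | pkt[3];
    if (eaplen < 6 || eaplen > pktlen)     /* Length must fit what was received */
        return -1;
    if (pkt[0] != EAP_REQUEST || pkt[4] != EAP_TYPE_MD5)
        return -1;
    size_t vallen = pkt[5];
    size_t remaining = eaplen - 6;         /* bytes after the Value-Size octet */
    if (vallen > remaining)                /* Value must not run past the packet */
        return -1;
    size_t namelen = remaining - vallen;   /* cannot underflow after the check */
    if (namelen >= dstsize)                /* reject rather than overflow dst */
        return -1;
    memcpy(dst, pkt + 6 + vallen, namelen);
    dst[namelen] = '\0';
    return (int)namelen;
}

/* Constructed sample: a request with a 16-byte value and namelen 'A' bytes. */
int demo_copy(size_t namelen)
{
    static uint8_t pkt[2048];
    char rhostname[RHOSTNAME_MAX];
    size_t total = 6 + 16 + namelen;
    if (total > sizeof(pkt)) return -1;
    pkt[0] = EAP_REQUEST; pkt[1] = 1; pkt[4] = EAP_TYPE_MD5; pkt[5] = 16;
    pkt[2] = (uint8_t)(total >> 8); pkt[3] = (uint8_t)(total & 0xff);
    memset(pkt + 6, 0x5a, 16);
    memset(pkt + 22, 'A', namelen);
    return eap_copy_peer_name(pkt, total, rhostname, sizeof rhostname);
}

int main(void) { printf("%d %d\n", demo_copy(10), demo_copy(1000)); return 0; }
```
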

For Debian 8 "Jessie", this problem has been fixed in version
2.4.6-3.1+deb8u1.

We recommend that you upgrade your ppp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS