Debian 10261 Published by

A ppp security update has been released for Debian GNU/Linux 8 LTS to address a buffer overflow vulnerability.



Package : ppp
Version : 2.4.6-3.1+deb8u1
CVE ID : CVE-2020-8597
Debian Bug : 950618

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,
the Point-to-Point Protocol daemon. When receiving an EAP Request
message in client mode, an attacker was able to overflow the rhostname
array by providing a very long name. This issue is also mitigated by
Debian's hardening build flags.

For Debian 8 "Jessie", this problem has been fixed in version
2.4.6-3.1+deb8u1.

We recommend that you upgrade your ppp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS