UbuntuUpdates.org

Package "ppp"

Name: ppp

Description:

Point-to-Point Protocol (PPP) - daemon
Latest version: 2.4.5-5.1ubuntu2.3
Release: trusty (14.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ppp"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "ppp" in Trusty

Repository Area Version
base main 2.4.5-5.1ubuntu2
security main 2.4.5-5.1ubuntu2.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.5-5.1ubuntu2.3 2018-11-06 19:06:49 UTC

  ppp (2.4.5-5.1ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in pppd EAP-TLS implementation
    - debian/patches/CVE-2018-11574.patch: check lengths in pppd/eap.c,
      pppd/eap-tls.c.
    - CVE-2018-11574

 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2018 13:34:15 -0400
Source diff to previous version
CVE-2018-11574 Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure,

Version: 2.4.5-5.1ubuntu2.2 2015-05-05 19:06:29 UTC

  ppp (2.4.5-5.1ubuntu2.2) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via big process id
    - debian/patches/CVE-2015-3310.patch: limit size of process id in
      pppd/plugins/radius/util.c.
    - CVE-2015-3310
 -- Marc Deslauriers <email address hidden> Tue, 21 Apr 2015 13:02:32 -0400
Source diff to previous version
CVE-2015-3310 Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater tha

Version: 2.4.5-5.1ubuntu2.1 2014-12-01 17:06:19 UTC

  ppp (2.4.5-5.1ubuntu2.1) trusty-security; urgency=medium

  * SECURITY UPDATE: possible privilege escalation via option parsing
    - debian/patches/CVE-2014-3158.patch: fix integer overflow in
      pppd/options.c.
    - CVE-2014-3158
 -- Marc Deslauriers <email address hidden> Tue, 25 Nov 2014 16:16:56 -0500
CVE-2014-3158 Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options


About   -   Send Feedback to @ubuntu_updates