UbuntuUpdates.org

Package "ppp"

Name: ppp

Description:

Point-to-Point Protocol (PPP) - daemon

Latest version: 2.4.7-2+2ubuntu1.3
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://ppp.samba.org/

Links


Download "ppp"


Other versions of "ppp" in Bionic

Repository Area Version
base main 2.4.7-2+2ubuntu1
security main 2.4.7-2+2ubuntu1.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.4.7-2+2ubuntu1.3 2020-08-04 20:06:36 UTC

  ppp (2.4.7-2+2ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: arbitrary file disclosure vulnerability
    - debian/patches/load_ppp_generic_if_needed: removed, ppp has been
      built into Ubuntu kernels since at least 2012.
    - CVE-2020-15704

 -- Marc Deslauriers <email address hidden> Thu, 23 Jul 2020 08:55:31 -0400

Source diff to previous version
CVE-2020-15704 RESERVED

Version: 2.4.7-2+2ubuntu1.2 2020-02-20 15:06:41 UTC

  ppp (2.4.7-2+2ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: rhostname buffer overflow
    - debian/patches/CVE-2020-8597.patch: fix bounds check in EAP code in
      pppd/eap.c.
    - CVE-2020-8597

 -- Marc Deslauriers <email address hidden> Tue, 11 Feb 2020 10:05:26 -0500

Source diff to previous version
CVE-2020-8597 eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Version: 2.4.7-2+2ubuntu1.1 2018-11-06 19:06:53 UTC

  ppp (2.4.7-2+2ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in pppd EAP-TLS implementation
    - debian/patches/CVE-2018-11574.patch: check lengths in pppd/eap.c,
      pppd/eap-tls.c.
    - CVE-2018-11574

 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2018 13:20:17 -0400

CVE-2018-11574 Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure,



About   -   Send Feedback to @ubuntu_updates