ppp-2.4.5-34.el7

エラータID: AXSA:2020-4481:01

Release date: 
Thursday, February 27, 2020 - 16:44
Subject: 
ppp-2.4.5-34.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Solution: 

Update packages.

CVEs: 
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Additional Info: 

N/A

Download: 

SRPMS
  1. ppp-2.4.5-34.el7.src.rpm
    MD5: c40a57ce234b8801de2738a044b51ddb
    SHA-256: 19e8cf5c540923c240d095a621d0eed34acd2d86eb7e6d082fa97281fd9c0dc0
    Size: 739.62 kB

Asianux Server 7 for x86_64
  1. ppp-2.4.5-34.el7.x86_64.rpm
    MD5: 40f346784ce072a37ebefa4552f5c875
    SHA-256: 881d17a4c132a95a9378ca18820c6d04462e3b661fe8c56c7233734ca46fd7d8
    Size: 356.80 kB