ppp-2.4.5-11.AXS4

エラータID: AXSA:2020-4482:02

Release date: 
Thursday, February 27, 2020 - 16:45
Subject: 
ppp-2.4.5-11.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Solution: 

Update packages.

CVEs: 
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Additional Info: 

N/A

Download: 

SRPMS
  1. ppp-2.4.5-11.AXS4.src.rpm
    MD5: 694523503c8c54799d17193e105ea3e6
    SHA-256: e0342b0cd9fafdea6c8ed63715a4e440adaa143061356351a00ca0b001d79303
    Size: 704.36 kB

Asianux Server 4 for x86
  1. ppp-2.4.5-11.AXS4.i686.rpm
    MD5: 8f55bea16b3efbd269c699192339ec0f
    SHA-256: a6024018ddfd130849333545ffd86944bf2f9d2ecfb0e3ef939072b34bc6514f
    Size: 324.03 kB

Asianux Server 4 for x86_64
  1. ppp-2.4.5-11.AXS4.x86_64.rpm
    MD5: f14d0634453b1263e751e3597615d5f0
    SHA-256: e3cf3bd56c796745f7284e36f259d17e416e08701f6ce4b0ad8fa88c8f2e4f3b
    Size: 327.62 kB