ppp-2.4.7-26.el8

エラータID: AXSA:2020-167:03

Release date: 
Thursday, June 18, 2020 - 12:53
Subject: 
ppp-2.4.7-26.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line.

Security Fix(es):

* ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.

Solution: 

Update packages.

CVEs: 
CVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.
Additional Info: 

N/A

Download: 

SRPMS
  1. ppp-2.4.7-26.el8.src.rpm
    MD5: 4854005594089e9a45c75d1e7e7548e3
    SHA-256: 0235d38fb540bf4f3ea5f8090ddd451cf7b0ee167998dc95c12c4d169f1bc72e
    Size: 779.00 kB

Asianux Server 8 for x86_64
  1. ppp-2.4.7-26.el8.x86_64.rpm
    MD5: a6ab0d19a4f6d9bbbe76b0b3ff363e76
    SHA-256: 8f5007ea16287f2e215eb913cb0942ea28fa8f38ec2b83344b2a6d1ec4155462
    Size: 405.98 kB