Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu: USN-4288-2 Critical: ppp Denial Of Service Threat

ubuntu
Calendar Grey March 2, 2020
Dist Ubuntu Esm H88
Ubuntu 14.04 and 12.04 LTS now include a critical ppp security patch to address vulnerabilities that could lead to denial of service and the potential for arbitrary code execution.
ppp could be made to crash or run programs if it received specially crafted network traffic.

Summary

ppp could be made to crash or run programs if it received specially crafted network traffic.

Software Description:

- ppp: Point-to-Point Protocol (PPP)

Details:

USN-4288-1 fixed a vulnerability in ppp. This update provides

the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

It was discovered that ppp incorrectly handled certain rhostname values. A

remote attacker could use this issue to cause ppp to crash, resulting in a

denial of service, or possibly execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  ppp                             2.4.5-5.1ubuntu2.3+esm1

Ubuntu 12.04 ESM:
  ppp                             2.4.5-5ubuntu1.3

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4288-2

https://ubuntu.com/security/notices/USN-4288-1

CVE-2020-8597

Severity
critical
Lowest
Low
Medium
High
Critical

March 02, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here