Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

We found 21 articles for you...
openSUSE: 2023:4965-1 Moderate: ppp Array Index Vulnerability Alert

This update for ppp fixes the following issues: CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).

# Security update for ppp

Announcement ID: SUSE-SU-2023:4965-1
Rating: moderate

References:

* bsc#1218251

Cross-References:

* CVE-2022-4603

CVSS scores:

* CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ppp fixes the following issues:

* CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4965=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4965=1
* SUSE Linux Enterprise Real Time 15 SP4
  zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4965=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4965=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4965=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4965=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4965=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Real Time 15 SP4 (x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap Micro 5.3 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap 15.4 (noarch)
  * ppp-modem-2.4.7-150000.5.13.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap 15.5 (noarch)
  * ppp-modem-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1

## References:

* https://www.suse.com/security/cve/CVE-2022-4603.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218251

LinuxSecurity.com Team

Dec 22, 2023 OpenSUSE

SUSE: 2023:4966-1 moderate alert for ppp array index validation issue

# Security update for ppp

Announcement ID: SUSE-SU-2023:4965-1
Rating: moderate

References:

* bsc#1218251

Cross-References:

* CVE-2022-4603

CVSS scores:

* CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* Desktop Applications Module 15-SP5
* openSUSE Leap 15.4
* openSUSE Leap 15.5
* openSUSE Leap Micro 5.3
* openSUSE Leap Micro 5.4
* SUSE Linux Enterprise Desktop 15 SP5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP4
* SUSE Linux Enterprise Real Time 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ppp fixes the following issues:

* CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1
* SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2023-4965=1
* SUSE Linux Enterprise Micro 5.5
  zypper in -t patch SUSE-SLE-Micro-5.5-2023-4965=1
* Desktop Applications Module 15-SP5
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP5-2023-4965=1
* SUSE Linux Enterprise Real Time 15 SP4
  zypper in -t patch SUSE-SLE-Product-RT-15-SP4-2023-4965=1
* openSUSE Leap Micro 5.3
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-4965=1
* openSUSE Leap Micro 5.4
  zypper in -t patch openSUSE-Leap-Micro-5.4-2023-4965=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4965=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4965=1
* SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1
* SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-4965=1

## Package List:

* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* Desktop Applications Module 15-SP5 (aarch64 ppc64le s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Real Time 15 SP4 (x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap Micro 5.3 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* openSUSE Leap Micro 5.4 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap 15.4 (noarch)
  * ppp-modem-2.4.7-150000.5.13.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
  * ppp-devel-2.4.7-150000.5.13.1
* openSUSE Leap 15.5 (noarch)
  * ppp-modem-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
  * ppp-debuginfo-2.4.7-150000.5.13.1
  * ppp-debugsource-2.4.7-150000.5.13.1
  * ppp-2.4.7-150000.5.13.1

## References:

* https://www.suse.com/security/cve/CVE-2022-4603.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218251

LinuxSecurity.com Team

Dec 22, 2023 SuSE

SUSE 12 SP5: 2023:4961-1 moderate: ppp Security Vulnerability Alert

# Security update for ppp

Announcement ID: SUSE-SU-2023:4961-1
Rating: moderate

References:

* bsc#1218251

Cross-References:

* CVE-2022-4603

CVSS scores:

* CVE-2022-4603 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
* CVE-2022-4603 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for ppp fixes the following issues:

* CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4961=1
* SUSE Linux Enterprise High Performance Computing 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4961=1
* SUSE Linux Enterprise Server 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4961=1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4961=1

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * ppp-debugsource-2.4.7-4.6.1
  * ppp-debuginfo-2.4.7-4.6.1
  * ppp-devel-2.4.7-4.6.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * ppp-2.4.7-4.6.1
  * ppp-debuginfo-2.4.7-4.6.1
  * ppp-debugsource-2.4.7-4.6.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * ppp-2.4.7-4.6.1
  * ppp-debuginfo-2.4.7-4.6.1
  * ppp-debugsource-2.4.7-4.6.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * ppp-2.4.7-4.6.1
  * ppp-debuginfo-2.4.7-4.6.1
  * ppp-debugsource-2.4.7-4.6.1

## References:

* https://www.suse.com/security/cve/CVE-2022-4603.html
* https://bugzilla.suse.com/show_bug.cgi?id=1218251

This notification discusses modifications to the PPP to mitigate vulnerabilities from CVE-2022-4603, providing installation details and impacted systems list.

LinuxSecurity.com Team

Dec 22, 2023 SuSE

Ubuntu: USN-4451-2 Moderate: ppp Kernel Module Code Execution

ppp could be made to load arbitrary kernel modules and possibly run programs.

=========================================================================
Ubuntu Security Notice USN-4451-2
August 06, 2020

ppp vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM

Summary:

ppp could be made to load arbitrary kernel modules and possibly run programs.

Software Description:

- ppp: Point-to-Point Protocol (PPP)

Details:

USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.

Original advisory details:

Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.04 ESM:
  ppp 2.4.5-5.1ubuntu2.3+esm2

Ubuntu 12.04 ESM:
  ppp 2.4.5-5ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4451-2
  https://ubuntu.com/security/notices/USN-4451-1
  CVE-2020-15704

Severity: Important.

LinuxSecurity.com Team

Aug 06, 2020 Important Ubuntu

Ubuntu: 4451-1 Critical: ppp Arbitrary Module Loading Issue

ppp could be made to load arbitrary kernel modules and possibly run programs.

=========================================================================
Ubuntu Security Notice USN-4451-1
August 04, 2020

ppp vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

ppp could be made to load arbitrary kernel modules and possibly run programs.

Software Description:

- ppp: Point-to-Point Protocol (PPP)

Details:

Thomas Chauchefoin discovered that ppp incorrectly handled module loading. A local attacker could use this issue to load arbitrary kernel modules and possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  ppp 2.4.7-2+4.1ubuntu5.1

Ubuntu 18.04 LTS:
  ppp 2.4.7-2+2ubuntu1.3

Ubuntu 16.04 LTS:
  ppp 2.4.7-1+2ubuntu1.16.04.3

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4451-1
  CVE-2020-15704

Package Information:
  https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+4.1ubuntu5.1
  https://launchpad.net/ubuntu/+source/ppp/2.4.7-2+2ubuntu1.3
  https://launchpad.net/ubuntu/+source/ppp/2.4.7-1+2ubuntu1.16.04.3

Ubuntu Security Notice USN-4451-2 informs users about a critical vulnerability in ppp that may enable unauthorized loading of modules.

Severity: Critical.

LinuxSecurity.com Team

Aug 04, 2020 Critical Ubuntu

Gentoo: GLSA-202003-19 High: PPP Buffer Overflow Risk Appeal

A buffer overflow in PPP might allow a remote attacker to execute arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202003-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: PPP: Buffer overflow
     Date: March 15, 2020
     Bugs: #710308
       ID: 202003-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow in PPP might allow a remote attacker to execute arbitrary code.

Background
==========

PPP is a Unix implementation of the Point-to-Point Protocol.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-dialup/ppp               < 2.4.8                    >= 2.4.8

Description
===========

It was discovered that bounds check in PPP for the rhostname was improperly constructed in the EAP request and response functions.

Impact
======

A remote attacker, by sending specially crafted authentication data, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PPP users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.8"

References
==========

[ 1 ] CVE-2020-8597
      https://nvd.nist.gov/vuln/detail/CVE-2020-8597

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202003-19

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email address removed] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

The Gentoo Linux Security Advisory GLSA 202003-19 highlights critical security vulnerabilities, especially PPP buffer overflows, urging users to update affected packages immediately.

LinuxSecurity.com Team

Mar 15, 2020 Gentoo

Mageia 7: MGASA-2020-0139 Critical: ppp Buffer Overflow Fix

Updated ppp packages fix security vulnerability: Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name.

MGASA-2020-0139 - Updated ppp packages fix security vulnerability

Publication date: 12 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0139.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-8597

Updated ppp packages fix security vulnerability:

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name (CVE-2020-8597).

References:

- https://bugs.mageia.org/show_bug.cgi?id=26217
- https://lists.debian.org/debian-lts-announce/2020/02/msg00005.html
- https://www.cve.org/CVERecord?id=CVE-2020-8597

SRPMS:

- 7/core/ppp-2.4.7-13.1.mga7

Severity: Critical.

LinuxSecurity.com Team

Mar 12, 2020 Critical Mageia

Slackware 14.0-14.2: 2020-064-01 Critical: ppp Memory Corruption

New ppp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

[slackware-security] ppp (SSA:2020-064-01)

New ppp packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:
+--------------------------+
patches/packages/ppp-2.4.8-i586-1_slack14.2.txz: Upgraded.
  This update fixes a security issue:
  By sending an unsolicited EAP packet to a vulnerable ppp client or server, an unauthenticated remote attacker could cause memory corruption in the pppd process, which may allow for arbitrary code execution.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2020-8597
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/ppp-2.4.8-i586-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/ppp-2.4.8-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/ppp-2.4.8-i586-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/ppp-2.4.8-x86_64-1_slack14.1.txz

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/ppp-2.4.8-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/ppp-2.4.8-x86_64-1_slack14.2.txz

Updated package for Slackware-current:

Updated package for Slackware x86_64 -current:

Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg ppp-2.4.8-i586-1_slack14.2.txz

+-----+

Recent updates for ppp have been released for Slackware to mitigate a vulnerability that could allow unauthorized remote code execution.

Severity: Critical.

LinuxSecurity.com Team

Mar 04, 2020 Critical Slackware