Debian Security Advisory
DLA-74-1 ppp -- LTS security update
- Date Reported:
- 21 Oct 2014
- Affected Packages:
- Security database references:
- In the Debian bugtracking system: Bug 762789.
In Mitre's CVE dictionary: CVE-2014-3158.
- More information:
This updates fixes a potential integer overflow in option parsing.
A user in the group
dipcould provide a specially crafted configuration file of more than 2G and generate an integer overflow. This may enable an attacker to overwrite the heap and thereby corrupt security-relevant variables.
See details in the upstream commit: https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb
For Debian 6
Squeeze, these issues have been fixed in ppp version 2.4.5-4+deb6u1