Debian Security Advisory
DSA-3079-1 ppp -- security update
- Date Reported:
- 28 Nov 2014
- Affected Packages:
- ppp
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 762789.
In Mitre's CVE dictionary: CVE-2014-3158. - More information:
-
A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.
For the stable distribution (wheezy), this problem has been fixed in version 2.4.5-5.1+deb7u1.
For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.4.6-3.
We recommend that you upgrade your ppp packages.