Security Information / 2014 / Security Information -- DSA-3079-1 ppp

Debian Security Advisory

DSA-3079-1 ppp -- security update

Date Reported:

28 Nov 2014

Affected Packages:

ppp

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 762789.
In Mitre's CVE dictionary: CVE-2014-3158.

More information:

A vulnerability was discovered in ppp, an implementation of the Point-to-Point Protocol: an integer overflow in the routine responsible for parsing user-supplied options potentially allows a local attacker to gain root privileges.

For the stable distribution (wheezy), this problem has been fixed in version 2.4.5-5.1+deb7u1.

For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.4.6-3.

We recommend that you upgrade your ppp packages.