Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0722 ppp security update 28 February 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ppp Publisher: Red Hat Operating System: Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux WS/Desktop 6 Red Hat Enterprise Linux Server 7 Red Hat Enterprise Linux WS/Desktop 7 Red Hat Enterprise Linux Server 8 Red Hat Enterprise Linux WS/Desktop 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-8597 Reference: ESB-2020.0696 ESB-2020.0679 ESB-2020.0639 ESB-2020.0615 Original Bulletin: https://access.redhat.com/errata/RHSA-2020:0630 https://access.redhat.com/errata/RHSA-2020:0631 https://access.redhat.com/errata/RHSA-2020:0633 https://access.redhat.com/errata/RHSA-2020:0634 Comment: This bulletin contains four (4) Red Hat security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0630-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0630 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 ===================================================================== 1. Summary: An update for ppp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line. Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: ppp-2.4.5-34.el7_7.src.rpm x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: ppp-2.4.5-34.el7_7.src.rpm x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: ppp-2.4.5-34.el7_7.src.rpm ppc64: ppp-2.4.5-34.el7_7.ppc64.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm ppc64le: ppp-2.4.5-34.el7_7.ppc64le.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm s390x: ppp-2.4.5-34.el7_7.s390x.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: ppp-debuginfo-2.4.5-34.el7_7.ppc.rpm ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm ppp-devel-2.4.5-34.el7_7.ppc.rpm ppp-devel-2.4.5-34.el7_7.ppc64.rpm ppc64le: ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm ppp-devel-2.4.5-34.el7_7.ppc64le.rpm s390x: ppp-debuginfo-2.4.5-34.el7_7.s390.rpm ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm ppp-devel-2.4.5-34.el7_7.s390.rpm ppp-devel-2.4.5-34.el7_7.s390x.rpm x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: ppp-2.4.5-34.el7_7.src.rpm x86_64: ppp-2.4.5-34.el7_7.x86_64.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: ppp-debuginfo-2.4.5-34.el7_7.i686.rpm ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm ppp-devel-2.4.5-34.el7_7.i686.rpm ppp-devel-2.4.5-34.el7_7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby 1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/ p1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj 2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz 91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK JMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX tEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu iLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL TVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/ nyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0 nTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO iXgkiSqdt/o= =Fzi6 - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0631-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0631 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 ===================================================================== 1. Summary: An update for ppp is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line. Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: ppp-2.4.5-11.el6_10.src.rpm i386: ppp-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm x86_64: ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm x86_64: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: ppp-2.4.5-11.el6_10.src.rpm x86_64: ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: ppp-2.4.5-11.el6_10.src.rpm i386: ppp-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppc64: ppp-2.4.5-11.el6_10.ppc64.rpm ppp-debuginfo-2.4.5-11.el6_10.ppc64.rpm s390x: ppp-2.4.5-11.el6_10.s390x.rpm ppp-debuginfo-2.4.5-11.el6_10.s390x.rpm x86_64: ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppc64: ppp-debuginfo-2.4.5-11.el6_10.ppc.rpm ppp-debuginfo-2.4.5-11.el6_10.ppc64.rpm ppp-devel-2.4.5-11.el6_10.ppc.rpm ppp-devel-2.4.5-11.el6_10.ppc64.rpm s390x: ppp-debuginfo-2.4.5-11.el6_10.s390.rpm ppp-debuginfo-2.4.5-11.el6_10.s390x.rpm ppp-devel-2.4.5-11.el6_10.s390.rpm ppp-devel-2.4.5-11.el6_10.s390x.rpm x86_64: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: ppp-2.4.5-11.el6_10.src.rpm i386: ppp-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.i686.rpm x86_64: ppp-2.4.5-11.el6_10.x86_64.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm x86_64: ppp-debuginfo-2.4.5-11.el6_10.i686.rpm ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm ppp-devel-2.4.5-11.el6_10.i686.rpm ppp-devel-2.4.5-11.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXlfji9zjgjWX9erEAQjrYg//V+uMsW8aM3+Mkh7pTwU2VYdjelmXlf9R kJat3vSzCV7cRJt94KqRH4lTIPBBxOleachpJsChSXpJP/Cih4cZlZnyPAa3wp8h nVgxyl9ChUS666veUwUkxFlCsaptiKFZzezTjOTKO7vhgf6NQfwz5/nIsorjMTIJ ASvkC+S0dt5zINoGZH91KPcet8HUsIMKkGGG2Nx7Z0NXU/6H8asMem3BJTLIVbmx gjAwPBmuGimDMvW0ghJ7n6/CafDNd5anZ5jO5AtfDrATZSYuR4R1p9jscIRWr1uz Pf+y++EXc0uAK35cxovGQFkQ+tmUDxB9FibObiwJq99imz9F8MNijkYjL+oNF+K1 opG8Znme1oBPpnHsnaNIYk/kqc52amPGFma6TUcPdHTX5EYfyAxTl/mKOQ1WBSfh mPbEVtQDGrL+U+zwcmf1fMlZOh3PyBwsdJQT1CpNrJ1h7U0K4klR4EZUWHo94ior cAHMF5NokjiMw758tEirQP25gWPwBhwoyrF5VpunGEBozkpjXJMe/IzkTsCi3sas /dccCvNmFUjFs9SCxwKKoREHWNBUSS3cr7paoqOEaingBoRnO15o9aptX3nu46bn RoJvEhK7ZSEh/2v509kt+o497MLlVkgAyPye2wJbBvNl7dbuoJ52Je5Yr7gZblgf uoE1+6gYCM8= =YlHl - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0633-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0633 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 ===================================================================== 1. Summary: An update for ppp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream (v. 8) - s390x Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line. Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): s390x: network-scripts-ppp-2.4.7-26.el8_1.s390x.rpm ppp-debuginfo-2.4.7-26.el8_1.s390x.rpm ppp-debugsource-2.4.7-26.el8_1.s390x.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: ppp-2.4.7-26.el8_1.src.rpm aarch64: ppp-2.4.7-26.el8_1.aarch64.rpm ppp-debuginfo-2.4.7-26.el8_1.aarch64.rpm ppp-debugsource-2.4.7-26.el8_1.aarch64.rpm ppc64le: ppp-2.4.7-26.el8_1.ppc64le.rpm ppp-debuginfo-2.4.7-26.el8_1.ppc64le.rpm ppp-debugsource-2.4.7-26.el8_1.ppc64le.rpm s390x: ppp-2.4.7-26.el8_1.s390x.rpm ppp-debuginfo-2.4.7-26.el8_1.s390x.rpm ppp-debugsource-2.4.7-26.el8_1.s390x.rpm x86_64: ppp-2.4.7-26.el8_1.x86_64.rpm ppp-debuginfo-2.4.7-26.el8_1.x86_64.rpm ppp-debugsource-2.4.7-26.el8_1.x86_64.rpm Red Hat CodeReady Linux Builder (v. 8): aarch64: ppp-debuginfo-2.4.7-26.el8_1.aarch64.rpm ppp-debugsource-2.4.7-26.el8_1.aarch64.rpm ppp-devel-2.4.7-26.el8_1.aarch64.rpm ppc64le: ppp-debuginfo-2.4.7-26.el8_1.ppc64le.rpm ppp-debugsource-2.4.7-26.el8_1.ppc64le.rpm ppp-devel-2.4.7-26.el8_1.ppc64le.rpm s390x: ppp-debuginfo-2.4.7-26.el8_1.s390x.rpm ppp-debugsource-2.4.7-26.el8_1.s390x.rpm ppp-devel-2.4.7-26.el8_1.s390x.rpm x86_64: ppp-2.4.7-26.el8_1.i686.rpm ppp-debuginfo-2.4.7-26.el8_1.i686.rpm ppp-debuginfo-2.4.7-26.el8_1.x86_64.rpm ppp-debugsource-2.4.7-26.el8_1.i686.rpm ppp-debugsource-2.4.7-26.el8_1.x86_64.rpm ppp-devel-2.4.7-26.el8_1.i686.rpm ppp-devel-2.4.7-26.el8_1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXlfjHdzjgjWX9erEAQjI7Q/+K5HlScFRxooaXsaQWxuNC01514t01TsI enhIXNxbsRPsaBw8TscDTojlTTNNhbyJf37hefQfhSl2NLg4T8NqKlb1p4pFlAAP KFwrIkuuLEDO5DQF5nwpLJxKjB86W2t8HADABSjt00QSjJJxeGyAnAXSBCPtHdhJ dBjnNAEf4NNkYNFaxcKkXEx8iNUuTHK+kwSGneiPRm8ibNMNjub86ii9G/C6Skg6 aZuQEJIWIjNqrHuljiqaET/OjZJCoYrpy0TnJjeFND3gIgUY9TOVPkCjnM9WJbWG AsQ0wgKjyTIRCGfMseHVDyWON+oujJ5t7AEhP6VqQn0o7dliGZjr0QBurjQzeWFp aH0sN/OWNd9h4DanGyd3S+vDp12k4so+xs7DCGpriULj8OSDloSt1NyfL9KI0GBX PIeMWLdVd6C4NKUOhRQI0KocqfJiu4YiF1KWpKzVkeuwts6kCx8jqEcHvyD98L8N RC4Q/Lehp6zwdIY9VHt4JomRtlcvdOBIECVMJOj3yl4btSQZ2Ogj/HFCdTow+efw McQ1VbNKHqOTK8b1u1zMVK0vCHfOvHS2kTgoEy0zhDp7kfRs0qvMtTOciTAEQFKr BxoFiwcPAaBJ3qkT55+4Q/6SlaaBZieoczyfntlZaWQL93Pl9jh1B7CeN5y0S4QU fvuyMkEBe9I= =yy4l - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: ppp security update Advisory ID: RHSA-2020:0634-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0634 Issue date: 2020-02-27 CVE Names: CVE-2020-8597 ===================================================================== 1. Summary: An update for ppp is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream E4S (v. 8.0) - s390x Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64 3. Description: The ppp packages contain the Point-to-Point Protocol (PPP) daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider (ISP) or other organization over a modem and phone line. Security Fix(es): * ppp: Buffer overflow in the eap_request and eap_response functions in eap.c (CVE-2020-8597) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c 6. Package List: Red Hat Enterprise Linux AppStream E4S (v. 8.0): s390x: network-scripts-ppp-2.4.7-26.el8_0.s390x.rpm ppp-debuginfo-2.4.7-26.el8_0.s390x.rpm ppp-debugsource-2.4.7-26.el8_0.s390x.rpm Red Hat Enterprise Linux BaseOS E4S (v. 8.0): Source: ppp-2.4.7-26.el8_0.src.rpm aarch64: ppp-2.4.7-26.el8_0.aarch64.rpm ppp-debuginfo-2.4.7-26.el8_0.aarch64.rpm ppp-debugsource-2.4.7-26.el8_0.aarch64.rpm ppc64le: ppp-2.4.7-26.el8_0.ppc64le.rpm ppp-debuginfo-2.4.7-26.el8_0.ppc64le.rpm ppp-debugsource-2.4.7-26.el8_0.ppc64le.rpm s390x: ppp-2.4.7-26.el8_0.s390x.rpm ppp-debuginfo-2.4.7-26.el8_0.s390x.rpm ppp-debugsource-2.4.7-26.el8_0.s390x.rpm x86_64: ppp-2.4.7-26.el8_0.x86_64.rpm ppp-debuginfo-2.4.7-26.el8_0.x86_64.rpm ppp-debugsource-2.4.7-26.el8_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8597 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXlffy9zjgjWX9erEAQgF8Q//SgKOt9n4hQ1jP+MlhPngiVLQpqz2+idl EkQFMarcVH1t3cQjb9EEUdonFanzGC0pHSBLKSIvEi3V0GZTF4nHDY0UP4gmBYEo sJX8+t53E5fa43cQQZVD+qUenbzXt5vD/R9/D93VXLUW687qq0HabGJ3FXAbEVb6 3qLPxoRo+IjQ5kDrFbgkumASYKgfwFKPl0QbyTXQYAfBEW1GbYwryXvqaHnUptv7 pM/Pm8RYV0ptNECpC318p9/vrixvtsgHA3cVCwOlBg0OwEf5JI+tXjVHWMAsz41T jbbleQMM6H8fjVdZ18qN7i8BWWafJJJ0T7sjn1ypZSBoIjzaIVmENsnr9dxcXPs1 JsDsAognlDhaVhpcweK2zMXvfzmUpqgeqnSmwpzDgPXIJNlI6MLkA3L18vBk5v2w Y792wR06ZMEtujMrBsGqg1mcG27agVmUi6uwKjzN7Mw/oWnNqCyxd4IdQlY6IprU C7hg1ALDGEs84SKOAAoEEGNmTXoyq6zz/R1KUOxw5zgv/JPI8qlyB+RROdBdhkw3 3B6WHZcnaYNQugWFLC9kSPaYbUkLCUpd86ewOa+sGJkLHNgRqierAO6e7I3Qu3tn up+G0ESwYKO7ItRY4MWaBrj+3oGdftgNQB4rufG63oVJ8ykzkOvnODfOkxloMZYS xcwHrfgRKZw= =fX6B - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXliVD2aOgq3Tt24GAQh+Sw//b4etM2sROalniml2LqmL8eSM2HcV63Ec 5xBNRf8ShyPFeHzhcc8FtA2fu1wNNzaReoFRIN63P7CvYDEw85wDn6yu8YHKlji+ ZkxgTcmGQji+gTgObCOlozA73KyAUZYNssxVBg1P4wUPTsfosMHLOyv6MiRomujZ fa+5qkTmFeA6bcHJVJWNboW8+k4VHj4G3mWkgqvF3nzSKeVaLTETRk99jsgUlW3n MoUv6Ee9FKFSrOLF7bcCiJ8NmwY1grHZuCFBLsUqIGKxKwRmPLYgegUJrX35+Xr5 eXZrNdqWodn/2V41095qY5FrKIJVkD6Rml3VBaqc005rIe8hwuwKWPRW/HiScOMT TroKckvIoQ+jfpCC47tyNUBEZeH52H+rgPzRc07PN0aF3Pk3m3QclL6dg0onxN5q BAMdH3tBK98qbjiD49qanvOEyfNMen/FwDisc8uKI6QQvnK7G9GvuiYSbMtyo2nk WjC0i17sNj7w3jPiqKy+HBVz5kFocKFQwbbKabpzM9LGyKvmC3iZg6pVDwZhaAch H7ijol7kbjc1XaiwP+fkbTql5gQNu7yAYaUE1COQX9yUDECviH4cvb0CpHH02W5g GnQSkFXcw7+CPo2mlSwGCIvOrqTgmqiqWQ5pJxRBAxCTFCBi5NdTFzVMDu3pU5Rz Nix3qU729ak= =brvo -----END PGP SIGNATURE-----