Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0722
ppp security update
28 February 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ppp
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux WS/Desktop 6
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux WS/Desktop 7
Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2020-8597
Reference: ESB-2020.0696
ESB-2020.0679
ESB-2020.0639
ESB-2020.0615
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:0630
https://access.redhat.com/errata/RHSA-2020:0631
https://access.redhat.com/errata/RHSA-2020:0633
https://access.redhat.com/errata/RHSA-2020:0634
Comment: This bulletin contains four (4) Red Hat security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: ppp security update
Advisory ID: RHSA-2020:0630-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0630
Issue date: 2020-02-27
CVE Names: CVE-2020-8597
=====================================================================
1. Summary:
An update for ppp is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and
documentation for PPP support. The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is usually
used to dial in to an Internet Service Provider (ISP) or other organization
over a modem and phone line.
Security Fix(es):
* ppp: Buffer overflow in the eap_request and eap_response functions in
eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
ppp-2.4.5-34.el7_7.src.rpm
x86_64:
ppp-2.4.5-34.el7_7.x86_64.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
ppp-debuginfo-2.4.5-34.el7_7.i686.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
ppp-devel-2.4.5-34.el7_7.i686.rpm
ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
ppp-2.4.5-34.el7_7.src.rpm
x86_64:
ppp-2.4.5-34.el7_7.x86_64.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
ppp-debuginfo-2.4.5-34.el7_7.i686.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
ppp-devel-2.4.5-34.el7_7.i686.rpm
ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
ppp-2.4.5-34.el7_7.src.rpm
ppc64:
ppp-2.4.5-34.el7_7.ppc64.rpm
ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm
ppc64le:
ppp-2.4.5-34.el7_7.ppc64le.rpm
ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm
s390x:
ppp-2.4.5-34.el7_7.s390x.rpm
ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm
x86_64:
ppp-2.4.5-34.el7_7.x86_64.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
ppp-debuginfo-2.4.5-34.el7_7.ppc.rpm
ppp-debuginfo-2.4.5-34.el7_7.ppc64.rpm
ppp-devel-2.4.5-34.el7_7.ppc.rpm
ppp-devel-2.4.5-34.el7_7.ppc64.rpm
ppc64le:
ppp-debuginfo-2.4.5-34.el7_7.ppc64le.rpm
ppp-devel-2.4.5-34.el7_7.ppc64le.rpm
s390x:
ppp-debuginfo-2.4.5-34.el7_7.s390.rpm
ppp-debuginfo-2.4.5-34.el7_7.s390x.rpm
ppp-devel-2.4.5-34.el7_7.s390.rpm
ppp-devel-2.4.5-34.el7_7.s390x.rpm
x86_64:
ppp-debuginfo-2.4.5-34.el7_7.i686.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
ppp-devel-2.4.5-34.el7_7.i686.rpm
ppp-devel-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
ppp-2.4.5-34.el7_7.src.rpm
x86_64:
ppp-2.4.5-34.el7_7.x86_64.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
ppp-debuginfo-2.4.5-34.el7_7.i686.rpm
ppp-debuginfo-2.4.5-34.el7_7.x86_64.rpm
ppp-devel-2.4.5-34.el7_7.i686.rpm
ppp-devel-2.4.5-34.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8597
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXlfen9zjgjWX9erEAQj4VxAAhoolIsxKBSxXvlTM4FIBi2+s77BlOiby
1957YccCxFTvU0YP2LWqueepO/2Z9G/dBVGvej+JruD5Uc1qrIWyZNfnD9Y5CFw/
p1yTAKt0RM4XN9TeqXRn8ufYTMOU3hG1RIksbhKA1Wo8Xwf0BTj43BN9bv/7vHwj
2GQEfp37ARKvBjrQDCKh5Yhe5vtLYHbC4NOkvZwt3pFc5Je001RFGwk5/sN2Vtiz
91jazEJ9/duWvUn6O45vu1uTXRZnlPIQJmMtlD8+KbBVS4JK4oWoi9vyKM81y2AK
JMlENiPstjEHOaIrdpd1nA1GWhPen4xNFMh1+4CGp7JfFPh8eUT59B8UDkBFdFzX
tEyUqqb4xpNb+k2IMR50XZM9r5lGV8RQxex37EXOIyLzz4qSv6Anq/DcoP5cGbvu
iLAtSMJZz2BMJZ0a8+Cg6ynxbip1SqsgcmjbDRK/Ccf0CICvlj6apineUL9vtvBL
TVEQnlqXO70uYLG3xTTLWiXqVradqATKzbUuPzvgME7aHGIRWyek4JvwCuetzR1/
nyZts/ldBvmyob6KcUF7KejKUighqDwnoTmx6vWJlOT6DT3CZaS5tTvbZNd2kJk0
nTmV6AD+yNcnI53FSh6WHPutUq3yDCQTEPojhgl13aDVXyzeAMmuzSOjFGG/+/GO
iXgkiSqdt/o=
=Fzi6
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: ppp security update
Advisory ID: RHSA-2020:0631-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0631
Issue date: 2020-02-27
CVE Names: CVE-2020-8597
=====================================================================
1. Summary:
An update for ppp is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node (v. 6) - x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64
3. Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and
documentation for PPP support. The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is usually
used to dial in to an Internet Service Provider (ISP) or other organization
over a modem and phone line.
Security Fix(es):
* ppp: Buffer overflow in the eap_request and eap_response functions in
eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
ppp-2.4.5-11.el6_10.src.rpm
i386:
ppp-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
x86_64:
ppp-2.4.5-11.el6_10.x86_64.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux Desktop Optional (v. 6):
i386:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
x86_64:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node (v. 6):
Source:
ppp-2.4.5-11.el6_10.src.rpm
x86_64:
ppp-2.4.5-11.el6_10.x86_64.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional (v. 6):
x86_64:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server (v. 6):
Source:
ppp-2.4.5-11.el6_10.src.rpm
i386:
ppp-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppc64:
ppp-2.4.5-11.el6_10.ppc64.rpm
ppp-debuginfo-2.4.5-11.el6_10.ppc64.rpm
s390x:
ppp-2.4.5-11.el6_10.s390x.rpm
ppp-debuginfo-2.4.5-11.el6_10.s390x.rpm
x86_64:
ppp-2.4.5-11.el6_10.x86_64.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
i386:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
ppc64:
ppp-debuginfo-2.4.5-11.el6_10.ppc.rpm
ppp-debuginfo-2.4.5-11.el6_10.ppc64.rpm
ppp-devel-2.4.5-11.el6_10.ppc.rpm
ppp-devel-2.4.5-11.el6_10.ppc64.rpm
s390x:
ppp-debuginfo-2.4.5-11.el6_10.s390.rpm
ppp-debuginfo-2.4.5-11.el6_10.s390x.rpm
ppp-devel-2.4.5-11.el6_10.s390.rpm
ppp-devel-2.4.5-11.el6_10.s390x.rpm
x86_64:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
ppp-2.4.5-11.el6_10.src.rpm
i386:
ppp-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
x86_64:
ppp-2.4.5-11.el6_10.x86_64.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 6):
i386:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
x86_64:
ppp-debuginfo-2.4.5-11.el6_10.i686.rpm
ppp-debuginfo-2.4.5-11.el6_10.x86_64.rpm
ppp-devel-2.4.5-11.el6_10.i686.rpm
ppp-devel-2.4.5-11.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8597
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXlfji9zjgjWX9erEAQjrYg//V+uMsW8aM3+Mkh7pTwU2VYdjelmXlf9R
kJat3vSzCV7cRJt94KqRH4lTIPBBxOleachpJsChSXpJP/Cih4cZlZnyPAa3wp8h
nVgxyl9ChUS666veUwUkxFlCsaptiKFZzezTjOTKO7vhgf6NQfwz5/nIsorjMTIJ
ASvkC+S0dt5zINoGZH91KPcet8HUsIMKkGGG2Nx7Z0NXU/6H8asMem3BJTLIVbmx
gjAwPBmuGimDMvW0ghJ7n6/CafDNd5anZ5jO5AtfDrATZSYuR4R1p9jscIRWr1uz
Pf+y++EXc0uAK35cxovGQFkQ+tmUDxB9FibObiwJq99imz9F8MNijkYjL+oNF+K1
opG8Znme1oBPpnHsnaNIYk/kqc52amPGFma6TUcPdHTX5EYfyAxTl/mKOQ1WBSfh
mPbEVtQDGrL+U+zwcmf1fMlZOh3PyBwsdJQT1CpNrJ1h7U0K4klR4EZUWHo94ior
cAHMF5NokjiMw758tEirQP25gWPwBhwoyrF5VpunGEBozkpjXJMe/IzkTsCi3sas
/dccCvNmFUjFs9SCxwKKoREHWNBUSS3cr7paoqOEaingBoRnO15o9aptX3nu46bn
RoJvEhK7ZSEh/2v509kt+o497MLlVkgAyPye2wJbBvNl7dbuoJ52Je5Yr7gZblgf
uoE1+6gYCM8=
=YlHl
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: ppp security update
Advisory ID: RHSA-2020:0633-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0633
Issue date: 2020-02-27
CVE Names: CVE-2020-8597
=====================================================================
1. Summary:
An update for ppp is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - s390x
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and
documentation for PPP support. The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is usually
used to dial in to an Internet Service Provider (ISP) or other organization
over a modem and phone line.
Security Fix(es):
* ppp: Buffer overflow in the eap_request and eap_response functions in
eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
s390x:
network-scripts-ppp-2.4.7-26.el8_1.s390x.rpm
ppp-debuginfo-2.4.7-26.el8_1.s390x.rpm
ppp-debugsource-2.4.7-26.el8_1.s390x.rpm
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
ppp-2.4.7-26.el8_1.src.rpm
aarch64:
ppp-2.4.7-26.el8_1.aarch64.rpm
ppp-debuginfo-2.4.7-26.el8_1.aarch64.rpm
ppp-debugsource-2.4.7-26.el8_1.aarch64.rpm
ppc64le:
ppp-2.4.7-26.el8_1.ppc64le.rpm
ppp-debuginfo-2.4.7-26.el8_1.ppc64le.rpm
ppp-debugsource-2.4.7-26.el8_1.ppc64le.rpm
s390x:
ppp-2.4.7-26.el8_1.s390x.rpm
ppp-debuginfo-2.4.7-26.el8_1.s390x.rpm
ppp-debugsource-2.4.7-26.el8_1.s390x.rpm
x86_64:
ppp-2.4.7-26.el8_1.x86_64.rpm
ppp-debuginfo-2.4.7-26.el8_1.x86_64.rpm
ppp-debugsource-2.4.7-26.el8_1.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
ppp-debuginfo-2.4.7-26.el8_1.aarch64.rpm
ppp-debugsource-2.4.7-26.el8_1.aarch64.rpm
ppp-devel-2.4.7-26.el8_1.aarch64.rpm
ppc64le:
ppp-debuginfo-2.4.7-26.el8_1.ppc64le.rpm
ppp-debugsource-2.4.7-26.el8_1.ppc64le.rpm
ppp-devel-2.4.7-26.el8_1.ppc64le.rpm
s390x:
ppp-debuginfo-2.4.7-26.el8_1.s390x.rpm
ppp-debugsource-2.4.7-26.el8_1.s390x.rpm
ppp-devel-2.4.7-26.el8_1.s390x.rpm
x86_64:
ppp-2.4.7-26.el8_1.i686.rpm
ppp-debuginfo-2.4.7-26.el8_1.i686.rpm
ppp-debuginfo-2.4.7-26.el8_1.x86_64.rpm
ppp-debugsource-2.4.7-26.el8_1.i686.rpm
ppp-debugsource-2.4.7-26.el8_1.x86_64.rpm
ppp-devel-2.4.7-26.el8_1.i686.rpm
ppp-devel-2.4.7-26.el8_1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8597
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXlfjHdzjgjWX9erEAQjI7Q/+K5HlScFRxooaXsaQWxuNC01514t01TsI
enhIXNxbsRPsaBw8TscDTojlTTNNhbyJf37hefQfhSl2NLg4T8NqKlb1p4pFlAAP
KFwrIkuuLEDO5DQF5nwpLJxKjB86W2t8HADABSjt00QSjJJxeGyAnAXSBCPtHdhJ
dBjnNAEf4NNkYNFaxcKkXEx8iNUuTHK+kwSGneiPRm8ibNMNjub86ii9G/C6Skg6
aZuQEJIWIjNqrHuljiqaET/OjZJCoYrpy0TnJjeFND3gIgUY9TOVPkCjnM9WJbWG
AsQ0wgKjyTIRCGfMseHVDyWON+oujJ5t7AEhP6VqQn0o7dliGZjr0QBurjQzeWFp
aH0sN/OWNd9h4DanGyd3S+vDp12k4so+xs7DCGpriULj8OSDloSt1NyfL9KI0GBX
PIeMWLdVd6C4NKUOhRQI0KocqfJiu4YiF1KWpKzVkeuwts6kCx8jqEcHvyD98L8N
RC4Q/Lehp6zwdIY9VHt4JomRtlcvdOBIECVMJOj3yl4btSQZ2Ogj/HFCdTow+efw
McQ1VbNKHqOTK8b1u1zMVK0vCHfOvHS2kTgoEy0zhDp7kfRs0qvMtTOciTAEQFKr
BxoFiwcPAaBJ3qkT55+4Q/6SlaaBZieoczyfntlZaWQL93Pl9jh1B7CeN5y0S4QU
fvuyMkEBe9I=
=yy4l
- -----END PGP SIGNATURE-----
- --------------------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Important: ppp security update
Advisory ID: RHSA-2020:0634-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0634
Issue date: 2020-02-27
CVE Names: CVE-2020-8597
=====================================================================
1. Summary:
An update for ppp is now available for Red Hat Enterprise Linux 8.0 Update
Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream E4S (v. 8.0) - s390x
Red Hat Enterprise Linux BaseOS E4S (v. 8.0) - aarch64, ppc64le, s390x, x86_64
3. Description:
The ppp packages contain the Point-to-Point Protocol (PPP) daemon and
documentation for PPP support. The PPP protocol provides a method for
transmitting datagrams over serial point-to-point links. PPP is usually
used to dial in to an Internet Service Provider (ISP) or other organization
over a modem and phone line.
Security Fix(es):
* ppp: Buffer overflow in the eap_request and eap_response functions in
eap.c (CVE-2020-8597)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1800727 - CVE-2020-8597 ppp: Buffer overflow in the eap_request and eap_response functions in eap.c
6. Package List:
Red Hat Enterprise Linux AppStream E4S (v. 8.0):
s390x:
network-scripts-ppp-2.4.7-26.el8_0.s390x.rpm
ppp-debuginfo-2.4.7-26.el8_0.s390x.rpm
ppp-debugsource-2.4.7-26.el8_0.s390x.rpm
Red Hat Enterprise Linux BaseOS E4S (v. 8.0):
Source:
ppp-2.4.7-26.el8_0.src.rpm
aarch64:
ppp-2.4.7-26.el8_0.aarch64.rpm
ppp-debuginfo-2.4.7-26.el8_0.aarch64.rpm
ppp-debugsource-2.4.7-26.el8_0.aarch64.rpm
ppc64le:
ppp-2.4.7-26.el8_0.ppc64le.rpm
ppp-debuginfo-2.4.7-26.el8_0.ppc64le.rpm
ppp-debugsource-2.4.7-26.el8_0.ppc64le.rpm
s390x:
ppp-2.4.7-26.el8_0.s390x.rpm
ppp-debuginfo-2.4.7-26.el8_0.s390x.rpm
ppp-debugsource-2.4.7-26.el8_0.s390x.rpm
x86_64:
ppp-2.4.7-26.el8_0.x86_64.rpm
ppp-debuginfo-2.4.7-26.el8_0.x86_64.rpm
ppp-debugsource-2.4.7-26.el8_0.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-8597
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXlffy9zjgjWX9erEAQgF8Q//SgKOt9n4hQ1jP+MlhPngiVLQpqz2+idl
EkQFMarcVH1t3cQjb9EEUdonFanzGC0pHSBLKSIvEi3V0GZTF4nHDY0UP4gmBYEo
sJX8+t53E5fa43cQQZVD+qUenbzXt5vD/R9/D93VXLUW687qq0HabGJ3FXAbEVb6
3qLPxoRo+IjQ5kDrFbgkumASYKgfwFKPl0QbyTXQYAfBEW1GbYwryXvqaHnUptv7
pM/Pm8RYV0ptNECpC318p9/vrixvtsgHA3cVCwOlBg0OwEf5JI+tXjVHWMAsz41T
jbbleQMM6H8fjVdZ18qN7i8BWWafJJJ0T7sjn1ypZSBoIjzaIVmENsnr9dxcXPs1
JsDsAognlDhaVhpcweK2zMXvfzmUpqgeqnSmwpzDgPXIJNlI6MLkA3L18vBk5v2w
Y792wR06ZMEtujMrBsGqg1mcG27agVmUi6uwKjzN7Mw/oWnNqCyxd4IdQlY6IprU
C7hg1ALDGEs84SKOAAoEEGNmTXoyq6zz/R1KUOxw5zgv/JPI8qlyB+RROdBdhkw3
3B6WHZcnaYNQugWFLC9kSPaYbUkLCUpd86ewOa+sGJkLHNgRqierAO6e7I3Qu3tn
up+G0ESwYKO7ItRY4MWaBrj+3oGdftgNQB4rufG63oVJ8ykzkOvnODfOkxloMZYS
xcwHrfgRKZw=
=fX6B
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXliVD2aOgq3Tt24GAQh+Sw//b4etM2sROalniml2LqmL8eSM2HcV63Ec
5xBNRf8ShyPFeHzhcc8FtA2fu1wNNzaReoFRIN63P7CvYDEw85wDn6yu8YHKlji+
ZkxgTcmGQji+gTgObCOlozA73KyAUZYNssxVBg1P4wUPTsfosMHLOyv6MiRomujZ
fa+5qkTmFeA6bcHJVJWNboW8+k4VHj4G3mWkgqvF3nzSKeVaLTETRk99jsgUlW3n
MoUv6Ee9FKFSrOLF7bcCiJ8NmwY1grHZuCFBLsUqIGKxKwRmPLYgegUJrX35+Xr5
eXZrNdqWodn/2V41095qY5FrKIJVkD6Rml3VBaqc005rIe8hwuwKWPRW/HiScOMT
TroKckvIoQ+jfpCC47tyNUBEZeH52H+rgPzRc07PN0aF3Pk3m3QclL6dg0onxN5q
BAMdH3tBK98qbjiD49qanvOEyfNMen/FwDisc8uKI6QQvnK7G9GvuiYSbMtyo2nk
WjC0i17sNj7w3jPiqKy+HBVz5kFocKFQwbbKabpzM9LGyKvmC3iZg6pVDwZhaAch
H7ijol7kbjc1XaiwP+fkbTql5gQNu7yAYaUE1COQX9yUDECviH4cvb0CpHH02W5g
GnQSkFXcw7+CPo2mlSwGCIvOrqTgmqiqWQ5pJxRBAxCTFCBi5NdTFzVMDu3pU5Rz
Nix3qU729ak=
=brvo
-----END PGP SIGNATURE-----