Debian-LTS has issued an advisory on February 9:
Mageia 7 is also affected.
'ppp' has no evident maintainer, so assigning globally.
Ubuntu has issued an advisory for this today (February 20):
Done for both Cauldron and mga7!
Updated ppp packages fix security vulnerability:
Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When
receiving an EAP Request message in client mode, an attacker was able to
overflow the rhostname array by providing a very long name (CVE-2020-8597).
Updated packages in core/updates_testing:
MGA7-64 Plasma on Lenovo B50
No installation issues.
Reading in MCC "ppp daemon" and seeing an executable pppd, made me try:
# systemctl -l status pppd
Unit pppd.service could not be found.
So tried at CLI
~�}#�!}!}!} }4}"}&} } } } }%}&%7�b}'}"}(}"L�~~�}#�!}!}!} }4}"}&} } } }
and more of this stuff
Ref bug 15714 did not bring me further, sine the kppp package referred there does not seem to exist anymore.
Googling brought me either to "posterior pelvic pain provocation" or Porsche....
If TJ approves, I will OK on clean install.
Sorry I didn't look in on this before now, Herman. As always, thank you for your efforts.
Since tmb uploaded the advisory without comment, I'm going to assume he has no objection to a clean install OK. I find that reassuring.
So, I'll go ahead and add the OK, and validate so this can go on it's way.
An update for this issue has been pushed to the Mageia Updates repository.