Debian-LTS has issued an advisory on February 9:
https://www.debian.org/lts/security/2020/dla-2097

Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
'ppp' has no evident maintainer, so assigning globally.
Assignee: bugsquad => pkg-bugs
Ubuntu has issued an advisory for this today (February 20): https://usn.ubuntu.com/4288-1/
Severity: critical => major
Done for both Cauldron and mga7!
CC: (none) => geiger.david68210
Advisory:
========================

Updated ppp packages fix security vulnerability:

Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp. When receiving an EAP Request message in client mode, an attacker was able to overflow the rhostname array by providing a very long name (CVE-2020-8597).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8597
https://www.debian.org/lts/security/2020/dla-2097
========================

Updated packages in core/updates_testing:
========================
ppp-2.4.7-13.1.mga7
ppp-devel-2.4.7-13.1.mga7
ppp-pppoatm-2.4.7-13.1.mga7
ppp-pppoe-2.4.7-13.1.mga7
ppp-radius-2.4.7-13.1.mga7
ppp-dhcp-2.4.7-13.1.mga7

from ppp-2.4.7-13.1.mga7.src.rpm
Version: Cauldron => 7
Assignee: pkg-bugs => qa-bugs
Whiteboard: MGA7TOO => (none)
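The advisory above describes a sender-supplied name overrunning the fixed-size rhostname array while an EAP Request is parsed. As an added example (not pppd's code and not part of this report), here is a bounds-checked extraction of the Name field from an EAP MD5-Challenge Request laid out per RFC 3748; the function names, the MAXNAMELEN value, the choice to truncate rather than reject, and the sample packet are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define EAP_REQUEST  1    /* RFC 3748 Code */
#define EAPT_MD5CHAP 4    /* RFC 3748 Type: MD5-Challenge */
#define MAXNAMELEN   256  /* assumed size of the destination array */

/* Copy the Name field of an EAP MD5-Challenge Request into rhostname.
 * Returns bytes stored (name truncated to fit) or -1 if malformed. */
int eap_peer_name(const uint8_t *pkt, size_t pktlen,
                  char *rhostname, size_t rhsize)
{
    size_t eaplen, vallen, namelen;
    if (rhsize == 0 || pktlen < 6)        /* header(4) + Type + Value-Size */
        return -1;
    if (pkt[0] != EAP_REQUEST || pkt[4] != EAPT_MD5CHAP)
        return -1;
    eaplen = ((size_t)pkt[2] << 8) | pkt[3];  /* Length includes the header */
    if (eaplen < 6 || eaplen > pktlen)
        return -1;
    vallen = pkt[5];
    if (vallen > eaplen - 6)              /* challenge must fit in the packet */
        return -1;
    namelen = eaplen - 6 - vallen;        /* cannot underflow after the check */
    if (namelen >= rhsize)                /* sender-controlled: clamp it */
        namelen = rhsize - 1;
    memcpy(rhostname, pkt + 6 + vallen, namelen);
    rhostname[namelen] = '\0';
    return (int)namelen;
}

/* Constructed sample: Request with a 16-byte challenge and namelen 'A's. */
size_t make_request(uint8_t *buf, size_t namelen)
{
    size_t total = 6 + 16 + namelen;
    memset(buf, 'A', total);
    buf[0] = EAP_REQUEST; buf[1] = 1; buf[4] = EAPT_MD5CHAP; buf[5] = 16;
    buf[2] = (uint8_t)(total >> 8); buf[3] = (uint8_t)total;
    return total;
}

int main(void)
{
    uint8_t pkt[1024];
    char rhostname[MAXNAMELEN];
    size_t n = make_request(pkt, 600);    /* name far longer than the array */
    printf("stored %d of 600 name bytes\n",
           eap_peer_name(pkt, n, rhostname, sizeof rhostname));
    return 0;
}
```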
MGA7-64 Plasma on Lenovo B50
No installation issues.
Reading in MCC "ppp daemon" and seeing an executable pppd, made me try:
# systemctl -l status pppd
Unit pppd.service could not be found.
So tried at CLI
# pppd
~�}#�!}!}!} }4}"}&} } } } }%}&%7�b}'}"}(}"L�~~�}#�!}!}!} }4}"}&} } } }
and more of this stuff
Ref bug 15714 did not bring me further, since the kppp package referred there does not seem to exist anymore.
Googling brought me either to "posterior pelvic pain provocation" or Porsche....
If TJ approves, I will OK on clean install.
CC: (none) => herman.viaene
Keywords: (none) => advisory
CC: (none) => tmb
Sorry I didn't look in on this before now, Herman. As always, thank you for your efforts. Since tmb uploaded the advisory without comment, I'm going to assume he has no objection to a clean install OK. I find that reassuring. So, I'll go ahead and add the OK, and validate so this can go on its way.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0139.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED