Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files. Configurations that use the refuse-app
option are unaffected.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "ppp", "binary_version": "2.4.5-5.1ubuntu2.3" }, { "binary_name": "ppp-dbgsym", "binary_version": "2.4.5-5.1ubuntu2.3" }, { "binary_name": "ppp-dev", "binary_version": "2.4.5-5.1ubuntu2.3" }, { "binary_name": "ppp-udeb", "binary_version": "2.4.5-5.1ubuntu2.3" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "ppp", "binary_version": "2.4.7-1+2ubuntu1.16.04.1" }, { "binary_name": "ppp-dbgsym", "binary_version": "2.4.7-1+2ubuntu1.16.04.1" }, { "binary_name": "ppp-dev", "binary_version": "2.4.7-1+2ubuntu1.16.04.1" }, { "binary_name": "ppp-udeb", "binary_version": "2.4.7-1+2ubuntu1.16.04.1" }, { "binary_name": "ppp-udeb-dbgsym", "binary_version": "2.4.7-1+2ubuntu1.16.04.1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "ppp", "binary_version": "2.4.7-2+2ubuntu1.1" }, { "binary_name": "ppp-dbgsym", "binary_version": "2.4.7-2+2ubuntu1.1" }, { "binary_name": "ppp-dev", "binary_version": "2.4.7-2+2ubuntu1.1" }, { "binary_name": "ppp-udeb", "binary_version": "2.4.7-2+2ubuntu1.1" } ] }