Описание
Security update for ppp
The ppp package was updated to fix the following security issue:
- CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
ppp-2.4.5.git-2.31.7
SUSE Linux Enterprise Server for SAP Applications 11 SP4
ppp-2.4.5.git-2.31.7
SUSE Linux Enterprise Software Development Kit 11 SP4
ppp-devel-2.4.5.git-2.31.7
Ссылки
- Link for SUSE-SU-2017:0473-1
- E-Mail link for SUSE-SU-2017:0473-1
- SUSE Security Ratings
- SUSE Bug 927841
- SUSE CVE CVE-2015-3310 page
Описание
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:ppp-2.4.5.git-2.31.7
SUSE Linux Enterprise Server for SAP Applications 11 SP4:ppp-2.4.5.git-2.31.7
SUSE Linux Enterprise Software Development Kit 11 SP4:ppp-devel-2.4.5.git-2.31.7
Ссылки
- CVE-2015-3310
- SUSE Bug 927841