Описание
Security update for ppp
The ppp package was updated to fix the following security issue:
- CVE-2015-3310: Fixed a buffer overflow in radius plug-in's rc_mksid() (bsc#927841).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
ppp-2.4.7-3.4
SUSE Linux Enterprise Desktop 12 SP2
ppp-2.4.7-3.4
SUSE Linux Enterprise Server 12 SP1
ppp-2.4.7-3.4
SUSE Linux Enterprise Server 12 SP2
ppp-2.4.7-3.4
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
ppp-2.4.7-3.4
SUSE Linux Enterprise Server for SAP Applications 12 SP1
ppp-2.4.7-3.4
SUSE Linux Enterprise Server for SAP Applications 12 SP2
ppp-2.4.7-3.4
SUSE Linux Enterprise Software Development Kit 12 SP1
ppp-devel-2.4.7-3.4
SUSE Linux Enterprise Software Development Kit 12 SP2
ppp-devel-2.4.7-3.4
Ссылки
- Link for SUSE-SU-2017:0474-1
- E-Mail link for SUSE-SU-2017:0474-1
- SUSE Security Ratings
- SUSE Bug 927841
- SUSE CVE CVE-2015-3310 page
Описание
Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:ppp-2.4.7-3.4
SUSE Linux Enterprise Desktop 12 SP2:ppp-2.4.7-3.4
SUSE Linux Enterprise Server 12 SP1:ppp-2.4.7-3.4
SUSE Linux Enterprise Server 12 SP2:ppp-2.4.7-3.4
Ссылки
- CVE-2015-3310
- SUSE Bug 927841