ALAS2-2020-1400


Amazon Linux 2 Security Advisory: ALAS-2020-1400
Advisory Release Date: 2020-03-06 22:35 Pacific
Severity: Important
References: CVE-2020-8597 

Issue Overview:

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. (CVE-2020-8597 )


Affected Packages:

ppp


Issue Correction:
Run yum update ppp to update your system.

New Packages:
aarch64:
    ppp-2.4.5-33.amzn2.0.3.aarch64
    ppp-devel-2.4.5-33.amzn2.0.3.aarch64
    ppp-debuginfo-2.4.5-33.amzn2.0.3.aarch64

i686:
    ppp-2.4.5-33.amzn2.0.3.i686
    ppp-devel-2.4.5-33.amzn2.0.3.i686
    ppp-debuginfo-2.4.5-33.amzn2.0.3.i686

src:
    ppp-2.4.5-33.amzn2.0.3.src

x86_64:
    ppp-2.4.5-33.amzn2.0.3.x86_64
    ppp-devel-2.4.5-33.amzn2.0.3.x86_64
    ppp-debuginfo-2.4.5-33.amzn2.0.3.x86_64