ALAS-2020-1371


Amazon Linux 1 Security Advisory: ALAS-2020-1371
Advisory Release Date: 2020-05-22 20:57 Pacific
Advisory Updated Date: 2020-06-03 17:20 Pacific
Severity: Important

Issue Overview:

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.(CVE-2020-8597)


Affected Packages:

ppp


Issue Correction:
Run yum update ppp to update your system.

New Packages:
i686:
    ppp-debuginfo-2.4.5-11.9.amzn1.i686
    ppp-2.4.5-11.9.amzn1.i686
    ppp-devel-2.4.5-11.9.amzn1.i686

src:
    ppp-2.4.5-11.9.amzn1.src

x86_64:
    ppp-2.4.5-11.9.amzn1.x86_64
    ppp-devel-2.4.5-11.9.amzn1.x86_64
    ppp-debuginfo-2.4.5-11.9.amzn1.x86_64