Bug 710308 (CVE-2020-8597)

Comment 1 Thomas Deutschmann (RETIRED) 2020-02-20 16:21:54 UTC

*** Bug 708192 has been marked as a duplicate of this bug. ***

Comment 2 Thomas Deutschmann (RETIRED) 2020-02-20 16:23:55 UTC

Note that -D_FORTIFY_SOURCE=2 should caught that.

Comment 3 Thomas Deutschmann (RETIRED) 2020-02-20 16:49:30 UTC

Upgrading to B1: Pre-auth, allowing code execution and pppd has setuid set allowing priv escalation.

Comment 4 Larry the Git Cow 2020-02-26 15:37:14 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=481553feb5f5711c7504ee8779b378b2034692a2

commit 481553feb5f5711c7504ee8779b378b2034692a2
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-02-26 15:31:03 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-02-26 15:37:06 +0000

    net-dialup/ppp: Bump to version 2.4.8
    
    with security backport for CVE-2020-8597
    (0017-pppd-Fix-bounds-check-in-EAP-code.patch)
    
    Bug: https://bugs.gentoo.org/710308
    Closes: https://bugs.gentoo.org/704680
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-dialup/ppp/Manifest         |   2 +
 net-dialup/ppp/ppp-2.4.8.ebuild | 232 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 234 insertions(+)

Comment 5 Sergey Popov 2020-03-10 08:37:46 UTC

Arches, please test and mark stable

=net-misc/netifrc-0.7.1
=net-dialup/ppp-2.4.8

Target keywords: amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86

Comment 6 Sergey Popov 2020-03-10 08:39:28 UTC

amd64/x86 stable

Comment 7 Rolf Eike Beer 2020-03-11 17:23:22 UTC

sparc stable

Comment 8 Agostino Sarubbo 2020-03-12 16:22:42 UTC

arm stable

Comment 9 Agostino Sarubbo 2020-03-12 16:23:54 UTC

ppc stable

Comment 10 Agostino Sarubbo 2020-03-12 16:24:38 UTC

ppc64 stable

Comment 11 Sergei Trofimovich (RETIRED) 2020-03-14 22:00:23 UTC

ia64 stable

Comment 12 Thomas Deutschmann (RETIRED) 2020-03-15 02:57:23 UTC

New GLSA request filed.

Comment 13 GLSAMaker/CVETool Bot 2020-03-15 03:05:56 UTC

This issue was resolved and addressed in
 GLSA 202003-19 at https://security.gentoo.org/glsa/202003-19
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 14 Thomas Deutschmann (RETIRED) 2020-03-15 03:06:28 UTC

Re-opening for remaining architectures.

Comment 15 Rolf Eike Beer 2020-03-23 21:19:16 UTC

hppa stable

Comment 16 Sam James 2020-04-01 21:05:44 UTC

arm64 stable

Comment 17 Sam James 2020-04-01 21:06:18 UTC

@maintainer(s), please cleanup

Comment 18 Larry the Git Cow 2020-04-02 07:18:39 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d97a6cdaa517c0c7c2a5658100bc99ea2dc7188c

commit d97a6cdaa517c0c7c2a5658100bc99ea2dc7188c
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2020-04-02 07:18:30 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2020-04-02 07:18:30 +0000

    net-dialup/ppp: Security cleanup
    
    Bug: https://bugs.gentoo.org/710308
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 net-dialup/ppp/Manifest            |   2 -
 net-dialup/ppp/ppp-2.4.7-r7.ebuild | 230 -------------------------------------
 2 files changed, 232 deletions(-)

Comment 19 Sam James 2020-04-02 07:22:16 UTC

Tree clean, glsa done, closing. Thanks everyone.