Description: "In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a buffer overflow when receiving an l2tp control packet with an AVP which type is a string and no hidden flags, length set to less than 6. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. The problem was patched with commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b. As a workaround changes of commit 2324bcd5ba12cf28f47357a8f03cd41b7c04c52b can be applied to older versions."
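The length condition in the description, as an added example (not accel-ppp's code and not the upstream patch): a bounds-checked parser for the 6-byte L2TP AVP header defined in RFC 2661, which rejects a length field below 6 before any subtraction or copy. The names `avp_view`, `avp_parse` and `avp_copy_string` are hypothetical and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AVP_HDR_LEN  6u      /* flags+length (2) + vendor ID (2) + type (2) */
#define AVP_FLAG_H   0x4000u /* "hidden" bit */
#define AVP_LEN_MASK 0x03ffu /* 10-bit length; it counts the header too */

struct avp_view {            /* hypothetical type, not from accel-ppp */
    uint16_t vendor, type;
    int hidden;
    const uint8_t *val;
    size_t val_len;
};

/* Constructed samples: Host Name AVP (type 7) "lac", and the same bytes
 * with the length field set to 3, i.e. below the 6-byte header. */
static const uint8_t AVP_OK[]    = {0x80, 0x09, 0, 0, 0, 7, 'l', 'a', 'c'};
static const uint8_t AVP_SHORT[] = {0x80, 0x03, 0, 0, 0, 7, 'l', 'a', 'c'};

/* Parse one AVP from buf[0..avail). Returns bytes consumed, -1 if malformed. */
int avp_parse(const uint8_t *buf, size_t avail, struct avp_view *out)
{
    if (avail < AVP_HDR_LEN)
        return -1;
    uint16_t w = (uint16_t)(buf[0] << 8 | buf[1]);
    size_t len = w & AVP_LEN_MASK;
    if (len < AVP_HDR_LEN)  /* len - 6 would wrap to a huge size_t */
        return -1;
    if (len > avail)        /* AVP claims more bytes than were received */
        return -1;
    out->hidden  = (w & AVP_FLAG_H) != 0;
    out->vendor  = (uint16_t)(buf[2] << 8 | buf[3]);
    out->type    = (uint16_t)(buf[4] << 8 | buf[5]);
    out->val     = buf + AVP_HDR_LEN;
    out->val_len = len - AVP_HDR_LEN;
    return (int)len;
}

/* Copy a non-hidden string value, NUL-terminated; -1 if it cannot fit. */
int avp_copy_string(const struct avp_view *a, char *dst, size_t dst_sz)
{
    if (a->hidden || a->val_len >= dst_sz)
        return -1;
    memcpy(dst, a->val, a->val_len);
    dst[a->val_len] = '\0';
    return (int)a->val_len;
}
```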
Upstream say in the advisory: "Affected versions 1.12.0-92-g38b6104 Patched versions 1.12.0-95-g7c04c52b" But I don't see any use of patch releases there and I'm not sure these are right. Need to check the code. This doesn't look great either: https://github.com/xebd/accel-ppp/issues/131. Wondering if this is just treeclean material?
(In reply to Sam James from comment #1)
> Wondering if this is just treeclean material?

Not an option - unfortunately it is the only working and updating enterprise-grade solution for IPoE access for Linux.

I should probably add a snapshot release, covering all recent fixes - upstream is somewhat lazy to make proper releases, official recommendation is to use latest version from git.
commit 71fed557815206d7b1380326fdfbcc56a4105bd7
Author: Sergey Popov <pinkbyte@gentoo.org>
Date:   Mon Sep 14 15:19:46 2020 +0300

    net-dialup/accel-ppp: version bump

    Add snapshot with upstream changes, fixing CVE-2020-15173

    Gentoo-Bug: https://bugs.gentoo.org/741568
    Package-Manager: Portage-3.0.4, Repoman-2.3.23
    Signed-off-by: Sergey Popov <pinkbyte@gentoo.org>
(In reply to Sergey Popov from comment #2)
> (In reply to Sam James from comment #1)
> > Wondering if this is just treeclean material?
>
> Not an option - unfortunately it is the only working and updating
> enterprise-grade solution for IPoE access for Linux.
>
> I should probably add snapshot release, covering all recent fixes - upstream
> somewhat lazy to make proper releases, official recommendation it to use
> latest version from git.

I understand, no problem, I just wanted to ask because upstream looked a bit odd! Thanks for the bump. Please cleanup when ready.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=44040310ba621120a3d6eee12441f990e7ccaa1b

commit 44040310ba621120a3d6eee12441f990e7ccaa1b
Author:     Sergey Popov <pinkbyte@gentoo.org>
AuthorDate: 2020-09-21 08:31:08 +0000
Commit:     Sergey Popov <pinkbyte@gentoo.org>
CommitDate: 2020-09-21 08:31:34 +0000

    net-dialup/accel-ppp: drop old version

    Bug: https://bugs.gentoo.org/741568
    Package-Manager: Portage-3.0.4, Repoman-2.3.23
    Signed-off-by: Sergey Popov <pinkbyte@gentoo.org>

 net-dialup/accel-ppp/Manifest                      |   1 -
 net-dialup/accel-ppp/accel-ppp-1.12.0-r1.ebuild    | 108 --------
 .../files/accel-ppp-1.12.0-kernel-5.2.patch        | 282 ---------------------
 3 files changed, 391 deletions(-)
Unstable package so no GLSA, should be good to close now. Thanks pinkbyte.