CVE-2014-3158

Publication date 15 November 2014

Last updated 24 July 2024


Ubuntu priority

Integer overflow in the getword function in options.c in pppd in Paul's PPP Package (ppp) before 2.4.7 allows attackers to "access privileged options" via a long word in an options file, which triggers a heap-based buffer overflow that "[corrupts] security-relevant variables."

Status

Package Ubuntu Release Status
ppp 14.10 utopic
Fixed 2.4.5-5.1ubuntu3.1
14.04 LTS trusty
Fixed 2.4.5-5.1ubuntu2.1
12.04 LTS precise
Fixed 2.4.5-5ubuntu1.1
10.04 LTS lucid
Fixed 2.4.5~git20081126t100229-0ubuntu3.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
ppp