{"id":"MGASA-2020-0139","summary":"Updated ppp packages fix security vulnerability","details":"Updated ppp packages fix security vulnerability:\n\nIlja Van Sprundel discovered a buffer overflow vulnerability in ppp.\nWhen receiving an EAP Request message in client mode, an attacker was\nable to overflow the rhostname array by providing a very long name\n(CVE-2020-8597).\n","modified":"2026-02-02T09:05:06.757821Z","published":"2020-03-12T21:47:01Z","related":["CVE-2020-8597"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0139.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26217"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2020/dla-2097"}],"affected":[{"package":{"name":"ppp","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ppp?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.7-13.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0139.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}