--------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-2116 Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2116 2005-02-09 ---------------------------------------------------------------------
Name : rp-pppoe 7.3 Version : rp-pppoe-3.3-10.legacy 9 Version : rp-pppoe-3.5-2.2.legacy fc1 Version : rp-pppoe-3.5-8.2.legacy Summary : A PPP over Ethernet client (for xDSL support). Description : PPPoE (Point-to-Point Protocol over Ethernet) is a protocol used by many ADSL Internet Service Providers. This package contains the Roaring Penguin PPPoE client, a user-mode program that does not require any kernel modifications. It is fully compliant with RFC 2516, the official PPPoE specification.
--------------------------------------------------------------------- Update Information:
An updated rp-pppoe package that fixes a security vulnerability is now available.
Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet driver from Roaring Penguin. When the program is running setuid root (which is not the case in a default Red Hat Linux or Fedora Core installation), an attacker could overwrite any file on the file system. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0564 to this issue.
All users of rp-pppoe should upgrade to this updated package, which resolves this issue.
--------------------------------------------------------------------- Changelogs:
* Thu Oct 07 2004 Simon Weller <simon potelweller com> 3.3.8-7.x.legacy - added patch for CAN-2004-0564, setuid root file overwriting issue
* Thu Oct 07 2004 Rob Myers <rob myers gtri gatech edu> 3.5-8.1.legacy - add rp-pppoe-3.5-CAN-2004-0564.patch
--------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums)
Attachment:
signature.asc
Description: OpenPGP digital signature