An integer overflow in PPP might allow local attackers to obtain sensitive information.
|Package||net-dialup/ppp on all architectures|
|Affected versions||< 2.4.7|
|Unaffected versions||>= 2.4.7|
PPP is a Unix implementation of the Point-to-Point Protocol
Integer overflow is discovered in the getword function in options.c in PPP
A local attacker could execute process with extremely long options list, possibly obtaining sensitive information.
There is no known workaround at this time.
All PPP users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dialup/ppp-2.4.7"
December 13, 2014
December 13, 2014: 2