full-disclosure-uk May 2007 archive

[USN-459-2] pptpd regression

From: Kees Cook <kees_at_nospam>
Date: Mon May 21 2007 - 21:22:09 GMT
To: ubuntu-security-announce@lists.ubuntu.com



Ubuntu Security Notice USN-459-2
May 21, 2007
pptpd vulnerabilities
https://launchpad.net/bugs/115448

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS:
  bcrelay 1.2.3-1ubuntu0.2
  pptpd 1.2.3-1ubuntu0.2

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-459-1 fixed vulnerabilities in pptpd. However, a portion of the fix caused a regression in session establishment under Dapper for certain PPTP clients. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

 A flaw was discovered in the PPTP tunnel server. Remote attackers could
 send a specially crafted packet and disrupt established PPTP tunnels,
 leading to a denial of service.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2.diff.gz
      Size/MD5: 9454 2d77f7325b22f11bc934caae910d6235
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2.dsc
      Size/MD5: 597 99180d1dd8b3fb5d18f200bcec669beb
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3.orig.tar.gz
      Size/MD5: 185721 a521e40ca304b0c125cc25f9b9d03324

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_amd64.deb
      Size/MD5: 20470 3f21f2728e3ea23ee38316f5441d6d8d
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_amd64.deb
      Size/MD5: 56676 b87a21300d9010e1a4bd38dfcc72963d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_i386.deb
      Size/MD5: 19702 79dec9218e4c44ce9ab75ceb609494ff
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_i386.deb
      Size/MD5: 54228 0801f14c705396544b024417a9edd53a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_powerpc.deb
      Size/MD5: 20368 d2e318aa804d06c3a9fa84f17d0a582c
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_powerpc.deb
      Size/MD5: 58308 52095cfefa517a7e6fa22bdf4d6a148e

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.2_sparc.deb
      Size/MD5: 20142 61d2f4e9a005ab87646006fc12fe9d72
    http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.2_sparc.deb
      Size/MD5: 54602 d6ff36cf5d38e0c453941f89559b09f2
