Hello community, here is the log from the commit of package ppp for openSUSE:Factory checked in at 2015-11-18 22:31:18 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ppp (Old) and /work/SRC/openSUSE:Factory/.ppp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "ppp" Changes: -------- --- /work/SRC/openSUSE:Factory/ppp/ppp.changes 2014-11-26 10:35:32.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.ppp.new/ppp.changes 2015-11-18 22:31:19.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Nov 13 15:26:03 UTC 2015 - max@suse.com + +- Added ppp-CVE-2015-3310.patch: + Fix for bnc#927841, CVE-2015-3310: Fix buffer overflow in radius + plug-in's rc_mksid(). + +------------------------------------------------------------------- New: ---- ppp-CVE-2015-3310.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ppp.spec ++++++ --- /var/tmp/diff_new_pack.9p4v1a/_old 2015-11-18 22:31:21.000000000 +0100 +++ /var/tmp/diff_new_pack.9p4v1a/_new 2015-11-18 22:31:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package ppp # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -69,6 +69,8 @@ Patch21: ppp-2.4.6-lib64.patch Patch22: ppp-2.4.4-var_run_resolv_conf.patch Patch23: ppp-send-padt.patch +# PATCH-FIX-UPSTREAM -- Patch for CVE-2015-3310 +Patch24: ppp-CVE-2015-3310.patch %description The ppp package contains the PPP (Point-to-Point Protocol) daemon, 
@@ -109,6 +111,7 @@ %endif %patch22 %patch23 -p1 +%patch24 sed -i -e '1s/local\///' scripts/secure-card find scripts -type f | xargs chmod a-x find -type f -name '*.orig' | xargs rm -f ++++++ ppp-CVE-2015-3310.patch ++++++ --- pppd/plugins/radius/util.c +++ pppd/plugins/radius/util.c @@ -77,7 +77,7 @@ rc_mksid (void) static unsigned short int cnt = 0; sprintf (buf, "%08lX%04X%02hX", (unsigned long int) time (NULL), - (unsigned int) getpid (), + (unsigned int) getpid () % 65535, cnt & 0xFF); cnt++; return buf;
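Review bot: In the ppp.spec hunk at @@ -69,6 +69,8 @@, the PATCH-FIX-UPSTREAM comment above Patch24 names only the CVE. Add the bug reference bnc#927841 that the ppp.changes entry already cites, so the patch line can be traced to the bug report from the spec file alone.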
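Review bot: In the ppp.spec hunk at @@ -109,6 +111,7 @@, %patch24 is applied without a strip level while the preceding %patch23 uses -p1. That matches the prefix-less paths (pppd/plugins/radius/util.c) in ppp-CVE-2015-3310.patch, but writing -p0 explicitly would show the difference is intended and not an omission.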
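Review bot: In the rc_mksid() hunk of ppp-CVE-2015-3310.patch, only the second sprintf argument is bounded, and the call itself stays unbounded. The widths in "%08lX%04X%02hX" are minimums, so (unsigned long int) time (NULL) can still print more than 8 hex digits where long is 64 bits and the value exceeds 0xFFFFFFFF. Suggest masking each argument to its field width (& 0xFFFFFFFF for the time, & 0xFFFF for the pid in place of % 65535, consistent with the existing cnt & 0xFF) and switching to snprintf limited to the size of buf, so the output length is enforced regardless of the inputs.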