=========================================================== Ubuntu Security Notice USN-459-1 May 14, 2007 pptpd vulnerability CVE-2007-0244 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: pptpd 1.2.3-1ubuntu0.1 Ubuntu 6.10: pptpd 1.3.0-1ubuntu1.1 Ubuntu 7.04: pptpd 1.3.0-2ubuntu2.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: A flaw was discovered in the PPTP tunnel server. Remote attackers could send a specially crafted packet and disrupt established PPTP tunnels, leading to a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.1.diff.gz Size/MD5: 9525 4652286f82318c860e5e76083d663a7a http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.1.dsc Size/MD5: 597 e9625a44d4584da014ad77eba251454f http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3.orig.tar.gz Size/MD5: 185721 a521e40ca304b0c125cc25f9b9d03324 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.1_amd64.deb Size/MD5: 20370 545e71c0d8b32e871e45e4cfc5b6ad60 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.1_amd64.deb Size/MD5: 56580 04a987efa3877a0fceae2edb18b3f9f4 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.1_i386.deb Size/MD5: 19594 1799e178a5987452c890d56c52a9be0f http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.1_i386.deb Size/MD5: 54090 1ea05584c2e45f278fb8d33af0d5ae6f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.1_powerpc.deb Size/MD5: 20266 8de4f690aa76298f8fd0be5177a6d4ed http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.1_powerpc.deb Size/MD5: 58214 9d8bd2969a2fa04a2b7c9aa96d8f907e sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.2.3-1ubuntu0.1_sparc.deb Size/MD5: 20050 c4238aecb4637927d17a459cacdfc67e http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.2.3-1ubuntu0.1_sparc.deb Size/MD5: 54492 865f4e30dcff960623b51f2b8b7c3606 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu1.1.diff.gz Size/MD5: 10658 4cdd436b493b97c08e2d8f9c3f0b8e78 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu1.1.dsc Size/MD5: 598 8debde20d9628b9bfd6b31821db08c34 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0.orig.tar.gz Size/MD5: 204099 75d494e881f7027f4e60b114163f6b67 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubuntu1.1_amd64.deb Size/MD5: 20598 f5560532c5a5223bd564b055bd0abf51 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu1.1_amd64.deb Size/MD5: 59582 e42730cfba2837b3c6150ba56d6f9902 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubuntu1.1_i386.deb Size/MD5: 20114 b10592444d29719ffd929221d905e25c http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu1.1_i386.deb Size/MD5: 57270 a2301734c0e64841c813fc7a98ccd078 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubuntu1.1_powerpc.deb Size/MD5: 20758 67b6f33a7b82b79799ebf848b2841862 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu1.1_powerpc.deb Size/MD5: 61800 97721f1023449e7748d3cc046d7dae13 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-1ubuntu1.1_sparc.deb Size/MD5: 20330 07990d07edc743e826673113a0107c81 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-1ubuntu1.1_sparc.deb Size/MD5: 57270 2703d5648dbdb6cc8be04e3af1d73b7c Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu2.1.diff.gz Size/MD5: 11874 e81de357dfab8f29c3599625d81fc8cf http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu2.1.dsc Size/MD5: 691 8c0d9ed20da4b2d5c7bc0e0d9af7c041 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0.orig.tar.gz Size/MD5: 204099 75d494e881f7027f4e60b114163f6b67 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubuntu2.1_amd64.deb Size/MD5: 21054 f3435c33df5e7edca459e840b28250ba http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu2.1_amd64.deb Size/MD5: 60236 c83890c810e301e953a7e727dea4fb5f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubuntu2.1_i386.deb Size/MD5: 20522 5848f785378f0b6fd5da58c1bb52e0c5 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu2.1_i386.deb Size/MD5: 57932 434b72a6df46510351da38769f8daded powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubuntu2.1_powerpc.deb Size/MD5: 21712 d9aeb4185431c0f698f70ebd48be067e http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu2.1_powerpc.deb Size/MD5: 65494 709ade3791d02115930e5640c1a9ae07 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/bcrelay_1.3.0-2ubuntu2.1_sparc.deb Size/MD5: 21006 a6f1fa7420c618bf629ff0fd5588ce83 http://security.ubuntu.com/ubuntu/pool/main/p/pptpd/pptpd_1.3.0-2ubuntu2.1_sparc.deb Size/MD5: 58696 be68b75cd3cf01e5c4bcf79070e1587e