L2TPD Write_Packet Block BSS based Buffer Overflow Vulnerability

L2TPD Write_Packet Block BSS based Buffer Overflow Vulnerability

Solution:
Debian has released security advisory DSA 530-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory GLSA 200407-17 dealing with this issue. They have advised that users take the following actions and upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-l2tpd-0.69-r2"
# emerge ">=net-l2tpd-0.69-r2"

For more information, please see the referenced Gentoo advisory.

l2tpd l2tpd 0.67

Debian l2tpd_0.67-1.2_arm.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_ar m.deb

Debian l2tpd_0.67-1.2_hppa.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_hp pa.deb

Debian l2tpd_0.67-1.2_i386.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_i3 86.deb

Debian l2tpd_0.67-1.2_ia64.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_ia 64.deb

Debian l2tpd_0.67-1.2_m68k.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_m6 8k.deb

Debian l2tpd_0.67-1.2_mips.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_mi ps.deb

Debian l2tpd_0.67-1.2_mipsel.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_mi psel.deb

Debian l2tpd_0.67-1.2_powerpc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_po werpc.deb

Debian l2tpd_0.67-1.2_s390.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_s3 90.deb

Debian l2tpd_0.67-1.2_sparc.deb
Debian GNU/Linux 3.0 (woody)
http://security.debian.org/pool/updates/main/l/l2tpd/l2tpd_0.67-1.2_sp arc.deb