Timo Sirainen discovered a vulnerability in pptpd, a Point to Point Tunneling Server, which implements PPTP-over-IPSEC and is commonly used to create Virtual Private Networks (VPN). By specifying a small packet length an attacker is able to overflow a buffer and execute code under the user id that runs pptpd, probably root. An exploit for this problem is already circulating.
For the stable distribution (woody) this problem has been fixed in version 1.1.2-1.4.
For the old stable distribution (potato) this problem has been fixed in version 1.0.0-4.2.
For the unstable distribution (sid) this problem has been fixed in version 1.1.4-0.b3.2.
We recommend that you upgrade your pptpd package immediately.
MD5 checksums of the listed files are available in the original advisory.