| Main Archive Page > Month Archives > full-disclosure-uk archives |
[Full-disclosure] [ MDVSA-2009:227-1 ] freeradius
From: <security_at_nospam>Date: Mon Jan 11 2010 - 18:16:00 GMT
To: full-disclosure@lists.grok.org.uk
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mandriva Linux Security Advisory MDVSA-2009:227-1 http://www.mandriva.com/security/
Package : freeradius Date : January 11, 2010 Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in freeradius:
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111).
This update provides a solution to this vulnerability.
Update:
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3111
Updated Packages:
Mandriva Linux 2008.0: 5db7c7125fc6b64c4e19b41743a3d391 2008.0/i586/freeradius-1.1.7-2.1mdv2008.0.i586.rpm d59025aad5710dcf003b8edfe695848c 2008.0/i586/libfreeradius1-1.1.7-2.1mdv2008.0.i586.rpm 02aa3c297749e91957e097e9de134ce7 2008.0/i586/libfreeradius1-devel-1.1.7-2.1mdv2008.0.i586.rpm ddaa5a7e121c621798cf0358a245c5ce 2008.0/i586/libfreeradius1-krb5-1.1.7-2.1mdv2008.0.i586.rpm 1f0ea64c0787b93c42fb29fbd615baad 2008.0/i586/libfreeradius1-ldap-1.1.7-2.1mdv2008.0.i586.rpm c4f227f1f8f935148c0c7aeba688d3df 2008.0/i586/libfreeradius1-mysql-1.1.7-2.1mdv2008.0.i586.rpm 8f5eb11bfcf411b1854cec739a17e496 2008.0/i586/libfreeradius1-postgresql-1.1.7-2.1mdv2008.0.i586.rpm f44080d2bd42733cc640992d70f94399 2008.0/i586/libfreeradius1-unixODBC-1.1.7-2.1mdv2008.0.i586.rpm 088a48c14b01451f7799c2a0b3820f70 2008.0/SRPMS/freeradius-1.1.7-2.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
d26be209e79a0da439d3489108650ea2 2008.0/x86_64/freeradius-1.1.7-2.1mdv2008.0.x86_64.rpm
082f9155c2f093e74c2186e708bebbe6 2008.0/x86_64/lib64freeradius1-1.1.7-2.1mdv2008.0.x86_64.rpm
4e3053bd6265f37ba4527c9738624473 2008.0/x86_64/lib64freeradius1-devel-1.1.7-2.1mdv2008.0.x86_64.rpm
bc25d9c5adc3f7ce432fa20160616e45 2008.0/x86_64/lib64freeradius1-krb5-1.1.7-2.1mdv2008.0.x86_64.rpm
268827f99ffd55741d727725fc6236fd 2008.0/x86_64/lib64freeradius1-ldap-1.1.7-2.1mdv2008.0.x86_64.rpm
84f2e95d7c341e593d437cae273bf340 2008.0/x86_64/lib64freeradius1-mysql-1.1.7-2.1mdv2008.0.x86_64.rpm
d3ea3f4db30aefbb571714904fa5f4fb 2008.0/x86_64/lib64freeradius1-postgresql-1.1.7-2.1mdv2008.0.x86_64.rpm
a7a6e27406a4ec0bcdfc9a1399e21719 2008.0/x86_64/lib64freeradius1-unixODBC-1.1.7-2.1mdv2008.0.x86_64.rpm
088a48c14b01451f7799c2a0b3820f70 2008.0/SRPMS/freeradius-1.1.7-2.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLSz96mqjQ0CJFipgRAhn1AKDrpsYazirmVWdmk9e2QVlhT/I23ACgnuZF
tXu2ME6yDlg4jrTPfZ0jz5Q=
=b2h3
-----END PGP SIGNATURE-----
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/