Paketname
freeradius
Datum
2010-01-11
Advisory ID
MDVSA-2009:227-1
Betroffene Versionen
2008.0 i586 , 2008.0 x86_64

Problembeschreibung

A vulnerability has been found and corrected in freeradius:

The rad_decode function in FreeRADIUS before 1.1.8 allows remote
attackers to cause a denial of service (radiusd crash) via zero-length
Tunnel-Password attributes. NOTE: this is a regression error related
to CVE-2003-0967 (CVE-2009-3111).

This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

Aktualisierte Pakete

2008.0 i586

 5db7c7125fc6b64c4e19b41743a3d391  2008.0/i586/freeradius-1.1.7-2.1mdv2008.0.i586.rpm
 d59025aad5710dcf003b8edfe695848c  2008.0/i586/libfreeradius1-1.1.7-2.1mdv2008.0.i586.rpm
 02aa3c297749e91957e097e9de134ce7  2008.0/i586/libfreeradius1-devel-1.1.7-2.1mdv2008.0.i586.rpm
 ddaa5a7e121c621798cf0358a245c5ce  2008.0/i586/libfreeradius1-krb5-1.1.7-2.1mdv2008.0.i586.rpm
 1f0ea64c0787b93c42fb29fbd615baad  2008.0/i586/libfreeradius1-ldap-1.1.7-2.1mdv2008.0.i586.rpm
 c4f227f1f8f935148c0c7aeba688d3df  2008.0/i586/libfreeradius1-mysql-1.1.7-2.1mdv2008.0.i586.rpm
 8f5eb11bfcf411b1854cec739a17e496  2008.0/i586/libfreeradius1-postgresql-1.1.7-2.1mdv2008.0.i586.rpm
 f44080d2bd42733cc640992d70f94399  2008.0/i586/libfreeradius1-unixODBC-1.1.7-2.1mdv2008.0.i586.rpm 
 088a48c14b01451f7799c2a0b3820f70  2008.0/SRPMS/freeradius-1.1.7-2.1mdv2008.0.src.rpm

2008.0 x86_64

 d26be209e79a0da439d3489108650ea2  2008.0/x86_64/freeradius-1.1.7-2.1mdv2008.0.x86_64.rpm
 082f9155c2f093e74c2186e708bebbe6  2008.0/x86_64/lib64freeradius1-1.1.7-2.1mdv2008.0.x86_64.rpm
 4e3053bd6265f37ba4527c9738624473  2008.0/x86_64/lib64freeradius1-devel-1.1.7-2.1mdv2008.0.x86_64.rpm
 bc25d9c5adc3f7ce432fa20160616e45  2008.0/x86_64/lib64freeradius1-krb5-1.1.7-2.1mdv2008.0.x86_64.rpm
 268827f99ffd55741d727725fc6236fd  2008.0/x86_64/lib64freeradius1-ldap-1.1.7-2.1mdv2008.0.x86_64.rpm
 84f2e95d7c341e593d437cae273bf340  2008.0/x86_64/lib64freeradius1-mysql-1.1.7-2.1mdv2008.0.x86_64.rpm
 d3ea3f4db30aefbb571714904fa5f4fb  2008.0/x86_64/lib64freeradius1-postgresql-1.1.7-2.1mdv2008.0.x86_64.rpm
 a7a6e27406a4ec0bcdfc9a1399e21719  2008.0/x86_64/lib64freeradius1-unixODBC-1.1.7-2.1mdv2008.0.x86_64.rpm 
 088a48c14b01451f7799c2a0b3820f70  2008.0/SRPMS/freeradius-1.1.7-2.1mdv2008.0.src.rpm

Referenzen