MDVSA-2012:159
- Package name: freeradius
- Date: 2012-10-03
- Advisory ID: MDVSA-2012:159
- Affected versions: 2011 i586, 2011 x86_64
Problem description
A vulnerability has been found and corrected in freeradius:
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS
2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote
attackers to cause a denial of service (server crash) and possibly
execute arbitrary code via a long "not after" timestamp in a client
certificate (CVE-2012-3547).
The updated packages have been patched to correct this issue.
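The bug class described above, a peer-supplied certificate time field copied into a fixed stack buffer, is shown here next to a length-checked copy that fails closed. This is an added example, not FreeRADIUS code or the Mandriva patch; `struct time_field`, `TS_BUF_LEN` (64 is an assumed size), `copy_time_field` and `verify_expiry` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

#define TS_BUF_LEN 64  /* assumed size of the fixed stack buffer */

/* Hypothetical stand-in for a certificate time field: the bytes are not
 * NUL-terminated and the length comes from the peer's certificate. */
struct time_field {
    const unsigned char *data;
    size_t length;
};

/* Unsafe pattern (the bug class in the advisory): the length is trusted.
 *     char buf[TS_BUF_LEN];
 *     memcpy(buf, f->data, f->length);   // overflows when length >= 64
 *     buf[f->length] = '\0';
 */

/* Hardened copy: refuse any field that does not fit with its terminator.
 * Returns 0 on success, -1 if the caller should reject the certificate. */
int copy_time_field(char *dst, size_t dst_len, const struct time_field *f)
{
    if (dst == NULL || dst_len == 0 || f == NULL || f->data == NULL)
        return -1;
    if (f->length >= dst_len) {        /* leave room for '\0' */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, f->data, f->length);
    dst[f->length] = '\0';
    return 0;
}

/* Caller shaped like a verify callback: 1 = accept, 0 = reject. */
int verify_expiry(const struct time_field *not_after, char *out, size_t out_len)
{
    char buf[TS_BUF_LEN];
    size_t n;

    if (copy_time_field(buf, sizeof(buf), not_after) != 0)
        return 0;                      /* oversized field: fail closed */
    n = strlen(buf);
    if (out != NULL && out_len > n)
        memcpy(out, buf, n + 1);       /* hand the bounded string back */
    return 1;
}
```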
Updated packages
2011 i586
c1f7dd3c63219d6ddba3b693e85b54f0 2011/i586/freeradius-2.1.11-1.2-mdv2011.0.i586.rpm
77867c01b4e54279dfe0677380f5e0b2 2011/i586/freeradius-krb5-2.1.11-1.2-mdv2011.0.i586.rpm
c27c3159f9b84582a66a538e928fc199 2011/i586/freeradius-ldap-2.1.11-1.2-mdv2011.0.i586.rpm
2d6846aecdbe518f3575a348f07f2619 2011/i586/freeradius-mysql-2.1.11-1.2-mdv2011.0.i586.rpm
aa054c788955f0bfe75d77b0ebda3b94 2011/i586/freeradius-postgresql-2.1.11-1.2-mdv2011.0.i586.rpm
03f39845e147e0624d0687490f54628e 2011/i586/freeradius-sqlite-2.1.11-1.2-mdv2011.0.i586.rpm
3670f12da29325a9716056e7227cbc61 2011/i586/freeradius-unixODBC-2.1.11-1.2-mdv2011.0.i586.rpm
c356e50a18f58d3806dd8055d79f85f3 2011/i586/freeradius-web-2.1.11-1.2-mdv2011.0.i586.rpm
a5334e4d2603d3f3daffe88c7c962670 2011/i586/libfreeradius1-2.1.11-1.2-mdv2011.0.i586.rpm
f9e14a1173505b01d7c3a07185338271 2011/i586/libfreeradius-devel-2.1.11-1.2-mdv2011.0.i586.rpm
4b2467c195f57f6cd26c1eb1a4f75a7a 2011/SRPMS/freeradius-2.1.11-1.2.src.rpm
2011 x86_64
8befed97215fec669262081a66b86da7 2011/x86_64/freeradius-2.1.11-1.2-mdv2011.0.x86_64.rpm
e78a7b04b3b10c3c76f82d440c773888 2011/x86_64/freeradius-krb5-2.1.11-1.2-mdv2011.0.x86_64.rpm
a1c76c4b06bad997828a413b3baeb736 2011/x86_64/freeradius-ldap-2.1.11-1.2-mdv2011.0.x86_64.rpm
00529373241e2bd866ad9837102915f6 2011/x86_64/freeradius-mysql-2.1.11-1.2-mdv2011.0.x86_64.rpm
05d9b5466c70f3ce6936684b8c7fc6fc 2011/x86_64/freeradius-postgresql-2.1.11-1.2-mdv2011.0.x86_64.rpm
3d87af1586416f54d8737fd5baf7ac5d 2011/x86_64/freeradius-sqlite-2.1.11-1.2-mdv2011.0.x86_64.rpm
1992ca35ddb4fe8246f7a38055c76976 2011/x86_64/freeradius-unixODBC-2.1.11-1.2-mdv2011.0.x86_64.rpm
2742a7014e65c3ae516a972990c27650 2011/x86_64/freeradius-web-2.1.11-1.2-mdv2011.0.x86_64.rpm
d7b9f249280727b6b71ff35e67161b4b 2011/x86_64/lib64freeradius1-2.1.11-1.2-mdv2011.0.x86_64.rpm
639bc1ef6005e14dfdda70e3290c0c42 2011/x86_64/lib64freeradius-devel-2.1.11-1.2-mdv2011.0.x86_64.rpm
4b2467c195f57f6cd26c1eb1a4f75a7a 2011/SRPMS/freeradius-2.1.11-1.2.src.rpm
