SCIENTIFIC-LINUX-ERRATA Archives

July 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: freeradius on SL6.x i386/x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Tue, 18 Jul 2017 13:22:21 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (63 lines) 
Synopsis:          Important: freeradius security update
Advisory ID:       SLSA-2017:1759-1
Issue Date:        2017-07-18
CVE Numbers:       CVE-2017-10978
                   CVE-2017-10979
                   CVE-2017-10980
                   CVE-2017-10981
                   CVE-2017-10982
                   CVE-2017-10983
--

Security Fix(es):

* An out-of-bounds write flaw was found in the way FreeRADIUS server
handled certain attributes in request packets. A remote attacker could use
this flaw to crash the FreeRADIUS server or to execute arbitrary code in
the context of the FreeRADIUS server process by sending a specially
crafted request packet. (CVE-2017-10979)

* An out-of-bounds read and write flaw was found in the way FreeRADIUS
server handled RADIUS packets. A remote attacker could use this flaw to
crash the FreeRADIUS server by sending a specially crafted RADIUS packet.
(CVE-2017-10978)

* Multiple memory leak flaws were found in the way FreeRADIUS server
handled decoding of DHCP packets. A remote attacker could use these flaws
to cause the FreeRADIUS server to consume an increasing amount of memory
resources over time, possibly leading to a crash due to memory exhaustion,
by sending specially crafted DHCP packets. (CVE-2017-10980,
CVE-2017-10981)

* Multiple out-of-bounds read flaws were found in the way FreeRADIUS
server handled decoding of DHCP packets. A remote attacker could use these
flaws to crash the FreeRADIUS server by sending a specially crafted DHCP
request. (CVE-2017-10982, CVE-2017-10983)
--

SL6
  x86_64
    freeradius-2.2.6-7.el6_9.x86_64.rpm
    freeradius-debuginfo-2.2.6-7.el6_9.x86_64.rpm
    freeradius-krb5-2.2.6-7.el6_9.x86_64.rpm
    freeradius-ldap-2.2.6-7.el6_9.x86_64.rpm
    freeradius-mysql-2.2.6-7.el6_9.x86_64.rpm
    freeradius-perl-2.2.6-7.el6_9.x86_64.rpm
    freeradius-postgresql-2.2.6-7.el6_9.x86_64.rpm
    freeradius-python-2.2.6-7.el6_9.x86_64.rpm
    freeradius-unixODBC-2.2.6-7.el6_9.x86_64.rpm
    freeradius-utils-2.2.6-7.el6_9.x86_64.rpm
  i386
    freeradius-2.2.6-7.el6_9.i686.rpm
    freeradius-debuginfo-2.2.6-7.el6_9.i686.rpm
    freeradius-krb5-2.2.6-7.el6_9.i686.rpm
    freeradius-ldap-2.2.6-7.el6_9.i686.rpm
    freeradius-mysql-2.2.6-7.el6_9.i686.rpm
    freeradius-perl-2.2.6-7.el6_9.i686.rpm
    freeradius-postgresql-2.2.6-7.el6_9.i686.rpm
    freeradius-python-2.2.6-7.el6_9.i686.rpm
    freeradius-unixODBC-2.2.6-7.el6_9.i686.rpm
    freeradius-utils-2.2.6-7.el6_9.i686.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2