Synopsis: Moderate: freeradius security and bug fix update Advisory ID: SLSA-2020:3984-1 Issue Date: 2020-10-01 CVE Numbers: CVE-2019-10143 CVE-2019-13456 CVE-2019-17185 -- Security Fix(es): * freeradius: privilege escalation due to insecure logrotate configuration (CVE-2019-10143) * freeradius: eap-pwd: Information leak due to aborting when needing more than 10 iterations (CVE-2019-13456) * freeradius: eap-pwd: DoS issues due to multithreaded BN_CTX access (CVE-2019-17185) -- SL7 x86_64 freeradius-3.0.13-15.el7.x86_64.rpm freeradius-debuginfo-3.0.13-15.el7.x86_64.rpm freeradius-debuginfo-3.0.13-15.el7.i686.rpm freeradius-devel-3.0.13-15.el7.i686.rpm freeradius-devel-3.0.13-15.el7.x86_64.rpm freeradius-doc-3.0.13-15.el7.x86_64.rpm freeradius-krb5-3.0.13-15.el7.x86_64.rpm freeradius-ldap-3.0.13-15.el7.x86_64.rpm freeradius-mysql-3.0.13-15.el7.x86_64.rpm freeradius-perl-3.0.13-15.el7.x86_64.rpm freeradius-postgresql-3.0.13-15.el7.x86_64.rpm freeradius-python-3.0.13-15.el7.x86_64.rpm freeradius-sqlite-3.0.13-15.el7.x86_64.rpm freeradius-unixODBC-3.0.13-15.el7.x86_64.rpm freeradius-utils-3.0.13-15.el7.x86_64.rpm - Scientific Linux Development Team