Synopsis: Moderate: freeradius security update Issue date: 2007-05-10 CVE Names: CVE-2007-2028 A memory leak flaw was found in the way FreeRADIUS parses certain authentication requests. A remote attacker could send a specially crafted authentication request which could cause FreeRADIUS to leak a small amount of memory. If enough of these requests are sent, the FreeRADIUS daemon would consume a vast quantity of system memory leading to a possible denial of service. (CVE-2007-2028) SL 3.0.x SRPMS: freeradius-1.0.1-2.RHEL3.4.src.rpm i386: freeradius-1.0.1-2.RHEL3.4.i386.rpm x86_64: freeradius-1.0.1-2.RHEL3.4.x86_64.rpm SL 4.x SRPMS: freeradius-1.0.1-3.RHEL4.5.src.rpm i386: freeradius-1.0.1-3.RHEL4.5.i386.rpm freeradius-mysql-1.0.1-3.RHEL4.5.i386.rpm freeradius-postgresql-1.0.1-3.RHEL4.5.i386.rpm freeradius-unixODBC-1.0.1-3.RHEL4.5.i386.rpm x86_64: freeradius-1.0.1-3.RHEL4.5.x86_64.rpm freeradius-mysql-1.0.1-3.RHEL4.5.x86_64.rpm freeradius-postgresql-1.0.1-3.RHEL4.5.x86_64.rpm freeradius-unixODBC-1.0.1-3.RHEL4.5.x86_64.rpm SL 5.x SRPMS: freeradius-1.1.3-1.2.el5.src.rpm i386: freeradius-1.1.3-1.2.el5.i386.rpm freeradius-mysql-1.1.3-1.2.el5.i386.rpm freeradius-postgresql-1.1.3-1.2.el5.i386.rpm freeradius-unixODBC-1.1.3-1.2.el5.i386.rpm -Connie Sieh