Synopsis: Important: freeradius security update
Advisory ID: SLSA-2017:2389-1
Issue Date: 2017-08-02
CVE Numbers: CVE-2017-10978
             CVE-2017-10983
             CVE-2017-10984
             CVE-2017-10985
             CVE-2017-10986
             CVE-2017-10987
--

Security Fix(es):

* An out-of-bounds write flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to crash the FreeRADIUS server or to execute arbitrary code in the context of the FreeRADIUS server process by sending a specially crafted request packet. (CVE-2017-10984)

* An out-of-bounds read and write flaw was found in the way FreeRADIUS server handled RADIUS packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted RADIUS packet. (CVE-2017-10978)

* An out-of-bounds read flaw was found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use this flaw to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10983)

* A denial of service flaw was found in the way FreeRADIUS server handled certain attributes in request packets. A remote attacker could use this flaw to cause the FreeRADIUS server to enter an infinite loop, consume increasing amounts of memory resources, and ultimately crash by sending a specially crafted request packet. (CVE-2017-10985)

* Multiple out-of-bounds read flaws were found in the way FreeRADIUS server handled decoding of DHCP packets. A remote attacker could use these flaws to crash the FreeRADIUS server by sending a specially crafted DHCP request. (CVE-2017-10986, CVE-2017-10987)
--

SL7
  x86_64
    freeradius-3.0.13-8.el7_4.x86_64.rpm
    freeradius-debuginfo-3.0.13-8.el7_4.x86_64.rpm
    freeradius-debuginfo-3.0.13-8.el7_4.i686.rpm
    freeradius-devel-3.0.13-8.el7_4.i686.rpm
    freeradius-devel-3.0.13-8.el7_4.x86_64.rpm
    freeradius-doc-3.0.13-8.el7_4.x86_64.rpm
    freeradius-krb5-3.0.13-8.el7_4.x86_64.rpm
    freeradius-ldap-3.0.13-8.el7_4.x86_64.rpm
    freeradius-mysql-3.0.13-8.el7_4.x86_64.rpm
    freeradius-perl-3.0.13-8.el7_4.x86_64.rpm
    freeradius-postgresql-3.0.13-8.el7_4.x86_64.rpm
    freeradius-python-3.0.13-8.el7_4.x86_64.rpm
    freeradius-sqlite-3.0.13-8.el7_4.x86_64.rpm
    freeradius-unixODBC-3.0.13-8.el7_4.x86_64.rpm
    freeradius-utils-3.0.13-8.el7_4.x86_64.rpm

- Scientific Linux Development Team