Description
ELSA-2012-1326: freeradius security update (MODERATE)
[2.1.12-4]
- resolves: bug#855316 CVE-2012-3547 freeradius: Stack-based buffer overflow by processing certain expiration date fields of a certificate during x509 certificate validation
Updated packages
Oracle Linux 6
Oracle Linux x86_64
freeradius 2.1.12-4.el6_3
freeradius-krb5 2.1.12-4.el6_3
freeradius-ldap 2.1.12-4.el6_3
freeradius-mysql 2.1.12-4.el6_3
freeradius-perl 2.1.12-4.el6_3
freeradius-postgresql 2.1.12-4.el6_3
freeradius-python 2.1.12-4.el6_3
freeradius-unixODBC 2.1.12-4.el6_3
freeradius-utils 2.1.12-4.el6_3
Oracle Linux i686
freeradius 2.1.12-4.el6_3
freeradius-krb5 2.1.12-4.el6_3
freeradius-ldap 2.1.12-4.el6_3
freeradius-mysql 2.1.12-4.el6_3
freeradius-perl 2.1.12-4.el6_3
freeradius-postgresql 2.1.12-4.el6_3
freeradius-python 2.1.12-4.el6_3
freeradius-unixODBC 2.1.12-4.el6_3
freeradius-utils 2.1.12-4.el6_3
Related CVEs
Related vulnerabilities
Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long "not after" timestamp in a client certificate.