Description
ELSA-2017-1581: freeradius security update (IMPORTANT)
[3.0.4-8]
- Disable internal OpenSSL cache and fix session cache file permissions. Resolves: Bug#1459131 CVE-2017-9148 freeradius: TLS resumption authentication bypass
Updated packages
Oracle Linux 7
Oracle Linux x86_64
freeradius             3.0.4-8.el7_3
freeradius-devel       3.0.4-8.el7_3
freeradius-doc         3.0.4-8.el7_3
freeradius-krb5        3.0.4-8.el7_3
freeradius-ldap        3.0.4-8.el7_3
freeradius-mysql       3.0.4-8.el7_3
freeradius-perl        3.0.4-8.el7_3
freeradius-postgresql  3.0.4-8.el7_3
freeradius-python      3.0.4-8.el7_3
freeradius-sqlite      3.0.4-8.el7_3
freeradius-unixODBC    3.0.4-8.el7_3
freeradius-utils       3.0.4-8.el7_3
Related CVEs
Related vulnerabilities
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.