Description
ELSA-2017-1759: freeradius security update (IMPORTANT)
[2.2.6-7]
- Resolves: Bug#1469115 CVE-2017-10979 freeradius: Out-of-bounds write in rad_coalesce()
- Resolves: Bug#1469118 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret()
- Resolves: Bug#1469120 CVE-2017-10980 freeradius: Memory leak in decode_tlv()
- Resolves: Bug#1469122 CVE-2017-10981 freeradius: Memory leak in fr_dhcp_decode()
- Resolves: Bug#1469124 CVE-2017-10982 freeradius: Out-of-bounds read in fr_dhcp_decode_options()
- Resolves: Bug#1469126 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63
Updated packages
Oracle Linux 6
Oracle Linux x86_64
freeradius             2.2.6-7.el6_9
freeradius-krb5        2.2.6-7.el6_9
freeradius-ldap        2.2.6-7.el6_9
freeradius-mysql       2.2.6-7.el6_9
freeradius-perl        2.2.6-7.el6_9
freeradius-postgresql  2.2.6-7.el6_9
freeradius-python      2.2.6-7.el6_9
freeradius-unixODBC    2.2.6-7.el6_9
freeradius-utils       2.2.6-7.el6_9
Oracle Linux i686
freeradius             2.2.6-7.el6_9
freeradius-krb5        2.2.6-7.el6_9
freeradius-ldap        2.2.6-7.el6_9
freeradius-mysql       2.2.6-7.el6_9
freeradius-perl        2.2.6-7.el6_9
freeradius-postgresql  2.2.6-7.el6_9
freeradius-python      2.2.6-7.el6_9
freeradius-unixODBC    2.2.6-7.el6_9
freeradius-utils       2.2.6-7.el6_9
Source links
Related vulnerabilities
An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service.