Description
ELSA-2020-4799: freeradius:3.0 security and bug fix update (MODERATE)
[3.0.20-3]
- Require make for proper bootstrap execution, removes post script Resolves: bz#1672285
[3.0.20-2]
- Fix breakage caused by OpenSSL FIPS regression Related: bz#1855822 Related: bz#1810911 Resolves: bz#1672285
[3.0.20-1]
- Update to FreeRADIUS server version 3.0.20
- Introduce Python 3 support; resolves: bz#1623069
- DoS issues due to multithreaded BN_CTX access; resolves: bz#1818809
- Create tmp files in /run; resolves: bz#1805975
Updated packages
Oracle Linux 8
Oracle Linux aarch64
Module freeradius:3.0 is enabled
freeradius 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-devel 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-doc 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-krb5 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-ldap 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-mysql 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-perl 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-postgresql 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-rest 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-sqlite 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-unixODBC 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-utils 3.0.20-3.module+el8.3.0+7821+dc9b437c
python3-freeradius 3.0.20-3.module+el8.3.0+7821+dc9b437c
Oracle Linux x86_64
Module freeradius:3.0 is enabled
freeradius 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-devel 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-doc 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-krb5 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-ldap 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-mysql 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-perl 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-postgresql 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-rest 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-sqlite 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-unixODBC 3.0.20-3.module+el8.3.0+7821+dc9b437c
freeradius-utils 3.0.20-3.module+el8.3.0+7821+dc9b437c
python3-freeradius 3.0.20-3.module+el8.3.0+7821+dc9b437c
Related CVEs
Related vulnerabilities
In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This means multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.