Description
Security update for freeradius-server
This update for freeradius-server fixes the following issues:
- CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (bnc#1041445)
- CVE-2015-4680: Add a configuration option to allow checking of all intermediate certificates for revocations. (bnc#935573)
The following non-security issue was fixed:
- Cannot create table radpostauth because of deprecated TIMESTAMP(14) syntax. (bsc#912873)
Package list
SUSE Linux Enterprise Server 11 SP4
freeradius-server-2.1.1-7.24.1
freeradius-server-dialupadmin-2.1.1-7.24.1
freeradius-server-doc-2.1.1-7.24.1
freeradius-server-libs-2.1.1-7.24.1
freeradius-server-utils-2.1.1-7.24.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
freeradius-server-2.1.1-7.24.1
freeradius-server-dialupadmin-2.1.1-7.24.1
freeradius-server-doc-2.1.1-7.24.1
freeradius-server-libs-2.1.1-7.24.1
freeradius-server-utils-2.1.1-7.24.1
SUSE Linux Enterprise Software Development Kit 11 SP4
freeradius-server-devel-2.1.1-7.24.1
freeradius-server-libs-2.1.1-7.24.1
References
- Link for SUSE-SU-2017:1777-1
- E-Mail link for SUSE-SU-2017:1777-1
- SUSE Security Ratings
- SUSE Bug 1041445
- SUSE Bug 912873
- SUSE Bug 935573
- SUSE CVE CVE-2015-4680 page
- SUSE CVE CVE-2017-9148 page
Description
FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates.
Affected products
SUSE Linux Enterprise Server 11 SP4:freeradius-server-2.1.1-7.24.1
SUSE Linux Enterprise Server 11 SP4:freeradius-server-dialupadmin-2.1.1-7.24.1
SUSE Linux Enterprise Server 11 SP4:freeradius-server-doc-2.1.1-7.24.1
SUSE Linux Enterprise Server 11 SP4:freeradius-server-libs-2.1.1-7.24.1
References
- CVE-2015-4680
- SUSE Bug 935573
Description
The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.
Affected products
SUSE Linux Enterprise Server 11 SP4:freeradius-server-2.1.1-7.24.1
SUSE Linux Enterprise Server 11 SP4:freeradius-server-dialupadmin-2.1.1-7.24.1
SUSE Linux Enterprise Server 11 SP4:freeradius-server-doc-2.1.1-7.24.1
SUSE Linux Enterprise Server 11 SP4:freeradius-server-libs-2.1.1-7.24.1
References
- CVE-2017-9148
- SUSE Bug 1041445
- SUSE Bug 1046141