Description
Security update for freeradius-server
This update for freeradius fixes the following issues:
Security issues fixed:
- CVE-2017-10988: Decode 'signed' attributes correctly. (bnc#1049086)
- CVE-2017-10987: Check for option overflowing the packet. (bnc#1049086)
- CVE-2017-10985: Fix infinite loop and memory exhaustion with 'concat' attributes. (bnc#1049086)
- CVE-2017-10984: Fix write overflow in data2vp_wimax(). (bnc#1049086)
- CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086)
- CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086)
Package list
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
References
- Link for SUSE-SU-2017:2243-1
- E-Mail link for SUSE-SU-2017:2243-1
- SUSE Security Ratings
- SUSE Bug 1049086
- SUSE CVE CVE-2017-10978 page
- SUSE CVE CVE-2017-10983 page
- SUSE CVE CVE-2017-10984 page
- SUSE CVE CVE-2017-10985 page
- SUSE CVE CVE-2017-10987 page
- SUSE CVE CVE-2017-10988 page
Description
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
Affected products
References
- CVE-2017-10978
- SUSE Bug 1049086
Description
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
Affected products
References
- CVE-2017-10983
- SUSE Bug 1049086
Description
An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Affected products
References
- CVE-2017-10984
- SUSE Bug 1049086
Description
An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service.
Affected products
References
- CVE-2017-10985
- SUSE Bug 1049086
Description
An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service.
Affected products
References
- CVE-2017-10987
- SUSE Bug 1049086
Description
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Affected products
References
- CVE-2017-10988
- SUSE Bug 1049086