Описание
Security update for freeradius-server
This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2017-10981: DHCP - Fix memory leak in fr_dhcp_decode(). (bnc#1049086)
- CVE-2017-10982: Fix buffer over-read in fr_dhcp_decode_options(). (bsc#1049086)
- CVE-2017-10983: Fix read overflow when decoding option 63. (bnc#1049086)
- CVE-2017-10978: Fix read / write overflow in make_secret(). (bnc#1049086)
- CVE-2017-10979: Fix write overflow in rad_coalesce(). (bsc#1049086)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2017:2244-1
- E-Mail link for SUSE-SU-2017:2244-1
- SUSE Security Ratings
- SUSE Bug 1049086
- SUSE CVE CVE-2017-10978 page
- SUSE CVE CVE-2017-10979 page
- SUSE CVE CVE-2017-10981 page
- SUSE CVE CVE-2017-10982 page
- SUSE CVE CVE-2017-10983 page
Описание
An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-10978
- SUSE Bug 1049086
Описание
An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code.
Затронутые продукты
Ссылки
- CVE-2017-10979
- SUSE Bug 1049086
Описание
An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-10981
- SUSE Bug 1049086
Описание
An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-10982
- SUSE Bug 1049086
Описание
An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service.
Затронутые продукты
Ссылки
- CVE-2017-10983
- SUSE Bug 1049086