Описание
Security update for freeradius-server
This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).
Список пакетов
SUSE Enterprise Storage 4
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE Linux Enterprise Server 12 SP1-LTSS
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE Linux Enterprise Server 12 SP2-BCL
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE Linux Enterprise Server 12 SP2-LTSS
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE Linux Enterprise Server 12-LTSS
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
SUSE OpenStack Cloud 7
freeradius-server-3.0.3-17.12.1
freeradius-server-doc-3.0.3-17.12.1
freeradius-server-krb5-3.0.3-17.12.1
freeradius-server-ldap-3.0.3-17.12.1
freeradius-server-libs-3.0.3-17.12.1
freeradius-server-mysql-3.0.3-17.12.1
freeradius-server-perl-3.0.3-17.12.1
freeradius-server-postgresql-3.0.3-17.12.1
freeradius-server-python-3.0.3-17.12.1
freeradius-server-sqlite-3.0.3-17.12.1
freeradius-server-utils-3.0.3-17.12.1
Ссылки
- Link for SUSE-SU-2019:1039-1
- E-Mail link for SUSE-SU-2019:1039-1
- SUSE Security Ratings
- SUSE Bug 1132549
- SUSE Bug 1132664
- SUSE CVE CVE-2019-11234 page
- SUSE CVE CVE-2019-11235 page
Описание
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Затронутые продукты
SUSE Enterprise Storage 4:freeradius-server-3.0.3-17.12.1
SUSE Enterprise Storage 4:freeradius-server-doc-3.0.3-17.12.1
SUSE Enterprise Storage 4:freeradius-server-krb5-3.0.3-17.12.1
SUSE Enterprise Storage 4:freeradius-server-ldap-3.0.3-17.12.1
Ссылки
- CVE-2019-11234
- SUSE Bug 1132664
Описание
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Затронутые продукты
SUSE Enterprise Storage 4:freeradius-server-3.0.3-17.12.1
SUSE Enterprise Storage 4:freeradius-server-doc-3.0.3-17.12.1
SUSE Enterprise Storage 4:freeradius-server-krb5-3.0.3-17.12.1
SUSE Enterprise Storage 4:freeradius-server-ldap-3.0.3-17.12.1
Ссылки
- CVE-2019-11235
- SUSE Bug 1132549
- SUSE Bug 1132664
- SUSE Bug 1144524