Описание
Security update for freeradius-server
This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).
Список пакетов
SUSE Linux Enterprise Server 12 SP3
freeradius-server-3.0.15-2.11.2
freeradius-server-doc-3.0.15-2.11.2
freeradius-server-krb5-3.0.15-2.11.2
freeradius-server-ldap-3.0.15-2.11.2
freeradius-server-libs-3.0.15-2.11.2
freeradius-server-mysql-3.0.15-2.11.2
freeradius-server-perl-3.0.15-2.11.2
freeradius-server-postgresql-3.0.15-2.11.2
freeradius-server-python-3.0.15-2.11.2
freeradius-server-sqlite-3.0.15-2.11.2
freeradius-server-utils-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP4
freeradius-server-3.0.15-2.11.2
freeradius-server-doc-3.0.15-2.11.2
freeradius-server-krb5-3.0.15-2.11.2
freeradius-server-ldap-3.0.15-2.11.2
freeradius-server-libs-3.0.15-2.11.2
freeradius-server-mysql-3.0.15-2.11.2
freeradius-server-perl-3.0.15-2.11.2
freeradius-server-postgresql-3.0.15-2.11.2
freeradius-server-python-3.0.15-2.11.2
freeradius-server-sqlite-3.0.15-2.11.2
freeradius-server-utils-3.0.15-2.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
freeradius-server-3.0.15-2.11.2
freeradius-server-doc-3.0.15-2.11.2
freeradius-server-krb5-3.0.15-2.11.2
freeradius-server-ldap-3.0.15-2.11.2
freeradius-server-libs-3.0.15-2.11.2
freeradius-server-mysql-3.0.15-2.11.2
freeradius-server-perl-3.0.15-2.11.2
freeradius-server-postgresql-3.0.15-2.11.2
freeradius-server-python-3.0.15-2.11.2
freeradius-server-sqlite-3.0.15-2.11.2
freeradius-server-utils-3.0.15-2.11.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
freeradius-server-3.0.15-2.11.2
freeradius-server-doc-3.0.15-2.11.2
freeradius-server-krb5-3.0.15-2.11.2
freeradius-server-ldap-3.0.15-2.11.2
freeradius-server-libs-3.0.15-2.11.2
freeradius-server-mysql-3.0.15-2.11.2
freeradius-server-perl-3.0.15-2.11.2
freeradius-server-postgresql-3.0.15-2.11.2
freeradius-server-python-3.0.15-2.11.2
freeradius-server-sqlite-3.0.15-2.11.2
freeradius-server-utils-3.0.15-2.11.2
SUSE Linux Enterprise Software Development Kit 12 SP3
freeradius-server-devel-3.0.15-2.11.2
SUSE Linux Enterprise Software Development Kit 12 SP4
freeradius-server-devel-3.0.15-2.11.2
Ссылки
- Link for SUSE-SU-2019:1181-1
- E-Mail link for SUSE-SU-2019:1181-1
- SUSE Security Ratings
- SUSE Bug 1132549
- SUSE Bug 1132664
- SUSE CVE CVE-2019-11234 page
- SUSE CVE CVE-2019-11235 page
Описание
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:freeradius-server-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP3:freeradius-server-doc-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP3:freeradius-server-krb5-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP3:freeradius-server-ldap-3.0.15-2.11.2
Ссылки
- CVE-2019-11234
- SUSE Bug 1132664
Описание
FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP3:freeradius-server-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP3:freeradius-server-doc-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP3:freeradius-server-krb5-3.0.15-2.11.2
SUSE Linux Enterprise Server 12 SP3:freeradius-server-ldap-3.0.15-2.11.2
Ссылки
- CVE-2019-11235
- SUSE Bug 1132549
- SUSE Bug 1132664
- SUSE Bug 1144524