Описание
Security update for freeradius-server
This update for freeradius-server fixes the following issues:
- CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 (bsc#1223414).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
SUSE Linux Enterprise Module for Server Applications 15 SP5
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
SUSE Linux Enterprise Server 15 SP4-LTSS
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
SUSE Manager Proxy 4.3
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
SUSE Manager Server 4.3
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
openSUSE Leap 15.5
freeradius-server-3.0.25-150400.4.7.1
freeradius-server-devel-3.0.25-150400.4.7.1
freeradius-server-doc-3.0.25-150400.4.7.1
freeradius-server-krb5-3.0.25-150400.4.7.1
freeradius-server-ldap-3.0.25-150400.4.7.1
freeradius-server-ldap-schemas-3.0.25-150400.4.7.1
freeradius-server-libs-3.0.25-150400.4.7.1
freeradius-server-mysql-3.0.25-150400.4.7.1
freeradius-server-perl-3.0.25-150400.4.7.1
freeradius-server-postgresql-3.0.25-150400.4.7.1
freeradius-server-python3-3.0.25-150400.4.7.1
freeradius-server-sqlite-3.0.25-150400.4.7.1
freeradius-server-utils-3.0.25-150400.4.7.1
Ссылки
- Link for SUSE-SU-2024:2366-1
- E-Mail link for SUSE-SU-2024:2366-1
- SUSE Security Ratings
- SUSE Bug 1223414
- SUSE CVE CVE-2024-3596 page
Описание
RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:freeradius-server-3.0.25-150400.4.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:freeradius-server-devel-3.0.25-150400.4.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:freeradius-server-krb5-3.0.25-150400.4.7.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:freeradius-server-ldap-3.0.25-150400.4.7.1
Ссылки
- CVE-2024-3596
- SUSE Bug 1223414