SUSE-SU-2024:2367-1

Опубликовано: 09 июл. 2024

Источник: suse-cvrf

Описание

Security update for freeradius-server

This update for freeradius-server fixes the following issues:

CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 (bsc#1223414).

Список пакетов

SUSE Enterprise Storage 7.1

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

SUSE Linux Enterprise Server 15 SP2-LTSS

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

SUSE Linux Enterprise Server 15 SP3-LTSS

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

freeradius-server-3.0.21-150200.3.15.1

freeradius-server-devel-3.0.21-150200.3.15.1

freeradius-server-krb5-3.0.21-150200.3.15.1

freeradius-server-ldap-3.0.21-150200.3.15.1

freeradius-server-libs-3.0.21-150200.3.15.1

freeradius-server-mysql-3.0.21-150200.3.15.1

freeradius-server-perl-3.0.21-150200.3.15.1

freeradius-server-postgresql-3.0.21-150200.3.15.1

freeradius-server-python3-3.0.21-150200.3.15.1

freeradius-server-sqlite-3.0.21-150200.3.15.1

freeradius-server-utils-3.0.21-150200.3.15.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242367-1/
Link for SUSE-SU-2024:2367-1
https://lists.suse.com/pipermail/sle-updates/2024-July/035870.html
E-Mail link for SUSE-SU-2024:2367-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223414
SUSE Bug 1223414
https://www.suse.com/security/cve/CVE-2024-3596/
SUSE CVE CVE-2024-3596 page

Описание

RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

Затронутые продукты

SUSE Enterprise Storage 7.1:freeradius-server-3.0.21-150200.3.15.1

SUSE Enterprise Storage 7.1:freeradius-server-devel-3.0.21-150200.3.15.1

SUSE Enterprise Storage 7.1:freeradius-server-krb5-3.0.21-150200.3.15.1

SUSE Enterprise Storage 7.1:freeradius-server-ldap-3.0.21-150200.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-3596.html
CVE-2024-3596
https://bugzilla.suse.com/1223414
SUSE Bug 1223414

SUSE-SU-2024:2367-1

Описание

Список пакетов

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

Ссылки

Уязвимость: CVE-2024-3596

Описание

Затронутые продукты

Ссылки