openSUSE-SU-2017:1609-1

Опубликовано: 19 июн. 2017

Источник: suse-cvrf

Описание

Security update for freeradius-server

This update for freeradius-server fixes the following issues:

CVE-2017-9148: Disable OpenSSL's internal session cache to mitigate authentication bypass. (boo#1041445)

Список пакетов

openSUSE Leap 42.2

freeradius-server-3.0.12-2.3.1

freeradius-server-devel-3.0.12-2.3.1

freeradius-server-doc-3.0.12-2.3.1

freeradius-server-krb5-3.0.12-2.3.1

freeradius-server-ldap-3.0.12-2.3.1

freeradius-server-libs-3.0.12-2.3.1

freeradius-server-mysql-3.0.12-2.3.1

freeradius-server-perl-3.0.12-2.3.1

freeradius-server-postgresql-3.0.12-2.3.1

freeradius-server-python-3.0.12-2.3.1

freeradius-server-sqlite-3.0.12-2.3.1

freeradius-server-utils-3.0.12-2.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-06/msg00069.html
E-Mail link for openSUSE-SU-2017:1609-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before 3.0.14, 3.1.x before 2017-02-04, and 4.0.x before 2017-02-04 fails to reliably prevent resumption of an unauthenticated session, which allows remote attackers (such as malicious 802.1X supplicants) to bypass authentication via PEAP or TTLS.

Затронутые продукты

openSUSE Leap 42.2:freeradius-server-3.0.12-2.3.1

openSUSE Leap 42.2:freeradius-server-devel-3.0.12-2.3.1

openSUSE Leap 42.2:freeradius-server-doc-3.0.12-2.3.1

openSUSE Leap 42.2:freeradius-server-krb5-3.0.12-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-9148.html
CVE-2017-9148
https://bugzilla.suse.com/1041445
SUSE Bug 1041445
https://bugzilla.suse.com/1046141
SUSE Bug 1046141

openSUSE-SU-2017:1609-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-9148

Описание

Затронутые продукты

Ссылки