ELSA-2017-2389

ELSA-2017-2389 - freeradius security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2017-08-09

Description


[3.0.13-8]
- Avoid misinterpreting zero-size malloc in data2vp_extended() fix.
- Related: Bug#1469414 CVE-2017-10984 freeradius: Out-of-bounds write in
data2vp_wimax()

[3.0.13-7]
- Resolves: Bug#1469409 CVE-2017-10978 freeradius: Out-of-bounds read/write due
to improper output buffer size check in make_secret()
- Resolves: Bug#1469413 CVE-2017-10983 freeradius: Out-of-bounds read in
fr_dhcp_decode() when decoding option 63
- Resolves: Bug#1469414 CVE-2017-10984 freeradius: Out-of-bounds write in
data2vp_wimax()
- Resolves: Bug#1469417 CVE-2017-10985 freeradius: Infinite loop and memory
exhaustion with 'concat' attributes
- Resolves: Bug#1469418 CVE-2017-10986 freeradius: Infinite read in
dhcp_attr2vp()
- Resolves: Bug#1469421 CVE-2017-10987 freeradius: Buffer over-read in
fr_dhcp_decode_suboptions()


Related CVEs


CVE-2017-10978
CVE-2017-10983
CVE-2017-10984
CVE-2017-10985
CVE-2017-10986
CVE-2017-10987

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) freeradius-3.0.13-8.el7_4.src.rpm4f8c7d48c8d354560505cd635d54dd70-
freeradius-3.0.13-8.el7_4.x86_64.rpm5315db3bec3303d882b4171b4f8da49b-
freeradius-devel-3.0.13-8.el7_4.i686.rpma5971370c0392fb7d8d2e8fbf918e700-
freeradius-devel-3.0.13-8.el7_4.x86_64.rpm0df5aedd8db45018643a3384b53aa68e-
freeradius-doc-3.0.13-8.el7_4.x86_64.rpm6ddd7957521be43f19b87ec3e76f158f-
freeradius-krb5-3.0.13-8.el7_4.x86_64.rpm1259ac28398cbc0972497da8a62cdf89-
freeradius-ldap-3.0.13-8.el7_4.x86_64.rpmfa6f72ddbcbf1f22be94ca0b3fa879a4-
freeradius-mysql-3.0.13-8.el7_4.x86_64.rpmf57d9ac228e939f0ce044d7ceb777bbe-
freeradius-perl-3.0.13-8.el7_4.x86_64.rpme9dfde4f323576085bbea6651d6ad0bd-
freeradius-postgresql-3.0.13-8.el7_4.x86_64.rpm066db468f4c73b04979a56508c46ddca-
freeradius-python-3.0.13-8.el7_4.x86_64.rpmdc007dd6298a1edda3fa2884edacef47-
freeradius-sqlite-3.0.13-8.el7_4.x86_64.rpmd9f0c7e2bc37c0bec0279aae3bb15a5b-
freeradius-unixODBC-3.0.13-8.el7_4.x86_64.rpmc42b77f15e568033bc2ede8af3b76b28-
freeradius-utils-3.0.13-8.el7_4.x86_64.rpmef48c4018f16b1b3272e4f3c68fbfa23-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete