Stay Connected:

ELSA-2020-3984

ELSA-2020-3984 - freeradius security and bug fix update

Type:SECURITY
Severity:MODERATE
Release Date:2020-10-06

Description


[3.0.13-15]
- Fixes EAP-PWD: DoS issues due to multithreaded BN_CTX access
Resolves: bz#1818808

[3.0.13-14
- Fixes receiving of multiple RADIUS packets under load
Resolves: bz#1630684

[3.0.13-13]
- Fixes logging of cleartext pap password
Resolves: bz#1677435

[3.0.13-12]
- Fixes paircompare with attribute references and expansions
Resolves: bz#1592741

[3.0.13-11]
- Fixes logrotate, EAP-PWD vulnerability
Resolves: bz#1719368 privilege escalation due to insecure logrotate configuration
Resolves: bz#1751796 eap-pwd: Information leak due to aborting when needing more than 10 iterations


Related CVEs


CVE-2019-10143
CVE-2019-13456
CVE-2019-17185

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) freeradius-3.0.13-15.el7.src.rpmca9ab2acfbd9673a09d5dbbf1bd630c2-
freeradius-3.0.13-15.el7.aarch64.rpma3788f0c4e8b532d211bc19b36cebded-
freeradius-devel-3.0.13-15.el7.aarch64.rpm9125bebc5e3a6ad873fe15353e6383c8-
freeradius-doc-3.0.13-15.el7.aarch64.rpm28f0cd2b0cd12bd976e4d4c14490e1f0-
freeradius-krb5-3.0.13-15.el7.aarch64.rpm74b823c5c2f82bd073743c5d5c066833-
freeradius-ldap-3.0.13-15.el7.aarch64.rpme5574d453d17a310cda77182ec3036fd-
freeradius-mysql-3.0.13-15.el7.aarch64.rpme619cf281e725fe8b577600d1090be38-
freeradius-perl-3.0.13-15.el7.aarch64.rpm8715ddca10827b87c87d35bd587438be-
freeradius-postgresql-3.0.13-15.el7.aarch64.rpm757d15113d2a788200f7d019c6e40154-
freeradius-python-3.0.13-15.el7.aarch64.rpmf4690bbf14f442ff4386abd6f960d637-
freeradius-sqlite-3.0.13-15.el7.aarch64.rpmd7145b231aa0c12819c68d9b5172ea81-
freeradius-unixODBC-3.0.13-15.el7.aarch64.rpmd18310673e3fd2615f356524d70e8558-
freeradius-utils-3.0.13-15.el7.aarch64.rpm82e01e311c60bd728cf5bf4e9fb5bedd-
Oracle Linux 7 (x86_64) freeradius-3.0.13-15.el7.src.rpmca9ab2acfbd9673a09d5dbbf1bd630c2-
freeradius-3.0.13-15.el7.x86_64.rpmf175b79a7ed908d155e5208566da42ca-
freeradius-devel-3.0.13-15.el7.i686.rpm82f935088e6f0111129a1e1f66b26726-
freeradius-devel-3.0.13-15.el7.x86_64.rpm32acabf295516554ecae4f9153e1de5a-
freeradius-doc-3.0.13-15.el7.x86_64.rpmbb76b7d300b71d55ebde19d4a08feeb4-
freeradius-krb5-3.0.13-15.el7.x86_64.rpm6306fdb09664153a92a16d0d7a550dc7-
freeradius-ldap-3.0.13-15.el7.x86_64.rpm5e4836834f23f807f2f32272bed3ed92-
freeradius-mysql-3.0.13-15.el7.x86_64.rpm116151fc2823adfe3ff19e827a59095e-
freeradius-perl-3.0.13-15.el7.x86_64.rpm3860533f1ea2ed79aa1ea935c0df19d6-
freeradius-postgresql-3.0.13-15.el7.x86_64.rpm53d543f27be6bb9e6b63ad5a9a9fc725-
freeradius-python-3.0.13-15.el7.x86_64.rpmef9042ccbc345ffdf2c9f9dba115ca0e-
freeradius-sqlite-3.0.13-15.el7.x86_64.rpmc6204e66fd0fe87fb30f6a2bddcd1e9a-
freeradius-unixODBC-3.0.13-15.el7.x86_64.rpm7e444173e86f2067da29f96e759e428b-
freeradius-utils-3.0.13-15.el7.x86_64.rpm154278dc028aae46e16d3bffd6df48e4-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights