Medium: freeradius

2015-08-17T12:30:00
ID ALAS-2015-581
Type amazon
Reporter Amazon
Modified 2015-08-17T12:30:00

Description

Issue Overview:

A stack-based buffer overflow was found in the way the FreeRADIUS rlm_pap module handled long password hashes. An attacker able to make radiusd process a malformed password hash could cause the daemon to crash.

Affected Packages:

freeradius

Issue Correction:
Run yum update freeradius to update your system.

New Packages:

i686:  
    freeradius-mysql-2.2.6-4.15.amzn1.i686  
    freeradius-utils-2.2.6-4.15.amzn1.i686  
    freeradius-debuginfo-2.2.6-4.15.amzn1.i686  
    freeradius-unixODBC-2.2.6-4.15.amzn1.i686  
    freeradius-2.2.6-4.15.amzn1.i686  
    freeradius-perl-2.2.6-4.15.amzn1.i686  
    freeradius-postgresql-2.2.6-4.15.amzn1.i686  
    freeradius-ldap-2.2.6-4.15.amzn1.i686  
    freeradius-krb5-2.2.6-4.15.amzn1.i686  
    freeradius-python-2.2.6-4.15.amzn1.i686

src:  
    freeradius-2.2.6-4.15.amzn1.src

x86_64:  
    freeradius-utils-2.2.6-4.15.amzn1.x86_64  
    freeradius-mysql-2.2.6-4.15.amzn1.x86_64  
    freeradius-debuginfo-2.2.6-4.15.amzn1.x86_64  
    freeradius-perl-2.2.6-4.15.amzn1.x86_64  
    freeradius-postgresql-2.2.6-4.15.amzn1.x86_64  
    freeradius-unixODBC-2.2.6-4.15.amzn1.x86_64  
    freeradius-python-2.2.6-4.15.amzn1.x86_64  
    freeradius-krb5-2.2.6-4.15.amzn1.x86_64  
    freeradius-2.2.6-4.15.amzn1.x86_64  
    freeradius-ldap-2.2.6-4.15.amzn1.x86_64