freeradius security update

2007-05-1016:23:13

CentOS Project

lists.centos.org

0.013 Low

EPSS

Percentile

85.8%

JSON

CentOS Errata and Security Advisory CESA-2007:0338

FreeRADIUS is a high-performance and highly configurable free RADIUS server
designed to allow centralized authentication and authorization for a network.

A memory leak flaw was found in the way FreeRADIUS parses certain
authentication requests. A remote attacker could send a specially crafted
authentication request which could cause FreeRADIUS to leak a small amount
of memory. If enough of these requests are sent, the FreeRADIUS daemon
would consume a vast quantity of system memory leading to a possible denial
of service. (CVE-2007-2028)

Users of FreeRADIUS should update to these erratum packages, which contain a
backported patch to correct this issue.

Affected packages:
freeradius
freeradius-mysql
freeradius-postgresql
freeradius-unixODBC

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0338

OSVersionArchitecturePackageVersionFilename
CentOS3ia64freeradius< 1.0.1-2.RHEL3.4freeradius-1.0.1-2.RHEL3.4.ia64.rpm
CentOS3ia64freeradius-mysql< 1.0.1-2.RHEL3.4freeradius-mysql-1.0.1-2.RHEL3.4.ia64.rpm
CentOS3ia64freeradius-postgresql< 1.0.1-2.RHEL3.4freeradius-postgresql-1.0.1-2.RHEL3.4.ia64.rpm
CentOS3ia64freeradius-unixodbc< 1.0.1-2.RHEL3.4freeradius-unixODBC-1.0.1-2.RHEL3.4.ia64.rpm
CentOS4ia64freeradius< 1.0.1-3.RHEL4.5freeradius-1.0.1-3.RHEL4.5.ia64.rpm
CentOS4ia64freeradius-mysql< 1.0.1-3.RHEL4.5freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
CentOS4ia64freeradius-postgresql< 1.0.1-3.RHEL4.5freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
CentOS4ia64freeradius-unixodbc< 1.0.1-3.RHEL4.5freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm
CentOS3i386freeradius< 1.0.1-2.RHEL3.4freeradius-1.0.1-2.RHEL3.4.i386.rpm
CentOS3i386freeradius-mysql< 1.0.1-2.RHEL3.4freeradius-mysql-1.0.1-2.RHEL3.4.i386.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	3	ia64	freeradius	< 1.0.1-2.RHEL3.4	freeradius-1.0.1-2.RHEL3.4.ia64.rpm
CentOS	3	ia64	freeradius-mysql	< 1.0.1-2.RHEL3.4	freeradius-mysql-1.0.1-2.RHEL3.4.ia64.rpm
CentOS	3	ia64	freeradius-postgresql	< 1.0.1-2.RHEL3.4	freeradius-postgresql-1.0.1-2.RHEL3.4.ia64.rpm
CentOS	3	ia64	freeradius-unixodbc	< 1.0.1-2.RHEL3.4	freeradius-unixODBC-1.0.1-2.RHEL3.4.ia64.rpm
CentOS	4	ia64	freeradius	< 1.0.1-3.RHEL4.5	freeradius-1.0.1-3.RHEL4.5.ia64.rpm
CentOS	4	ia64	freeradius-mysql	< 1.0.1-3.RHEL4.5	freeradius-mysql-1.0.1-3.RHEL4.5.ia64.rpm
CentOS	4	ia64	freeradius-postgresql	< 1.0.1-3.RHEL4.5	freeradius-postgresql-1.0.1-3.RHEL4.5.ia64.rpm
CentOS	4	ia64	freeradius-unixodbc	< 1.0.1-3.RHEL4.5	freeradius-unixODBC-1.0.1-3.RHEL4.5.ia64.rpm
CentOS	3	i386	freeradius	< 1.0.1-2.RHEL3.4	freeradius-1.0.1-2.RHEL3.4.i386.rpm
CentOS	3	i386	freeradius-mysql	< 1.0.1-2.RHEL3.4	freeradius-mysql-1.0.1-2.RHEL3.4.i386.rpm