CentOS Project, CESA-2009:1451
Oct 30, 2009 - 2:43 p.m.

freeradius security update

2009-10-30 14:43:49
CentOS Project
lists.centos.org

EPSS: 0.955 (High), percentile 99.4%

CentOS Errata and Security Advisory CESA-2009:1451

FreeRADIUS is a high-performance and highly configurable free Remote
Authentication Dial In User Service (RADIUS) server, designed to allow
centralized authentication and authorization for a network.

An input validation flaw was discovered in the way FreeRADIUS decoded
specific RADIUS attributes from RADIUS packets. A remote attacker could use
this flaw to crash the RADIUS daemon (radiusd) via a specially-crafted
RADIUS packet. (CVE-2009-3111)

Users of FreeRADIUS are advised to upgrade to these updated packages, which
contain a backported patch to correct this issue. After installing the
update, radiusd will be restarted automatically.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-October/078390.html
https://lists.centos.org/pipermail/centos-announce/2009-October/078391.html

Affected packages:
freeradius
freeradius-mysql
freeradius-postgresql
freeradius-unixODBC

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1451