Lucene search
OracleLinuxELSA-2020-3984HistoryOct 06, 2020 - 12:00 a.m.
freeradius security and bug fix update
2020-10-0600:00:00
linux.oracle.com
16
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
[3.0.13-15]
- Fixes EAP-PWD: DoS issues due to multithreaded BN_CTX access
Resolves: bz#1818808
[3.0.13-14 - Fixes receiving of multiple RADIUS packets under load
Resolves: bz#1630684
[3.0.13-13] - Fixes logging of cleartext pap password
Resolves: bz#1677435
[3.0.13-12] - Fixes paircompare with attribute references and expansions
Resolves: bz#1592741
[3.0.13-11] - Fixes logrotate, EAP-PWD vulnerability
Resolves: bz#1719368 privilege escalation due to insecure logrotate configuration
Resolves: bz#1751796 eap-pwd: Information leak due to aborting when needing more than 10 iterations
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | freeradius | < 3.0.13-15.el7 | freeradius-3.0.13-15.el7.src.rpm |
| oracle linux | 7 | aarch64 | freeradius | < 3.0.13-15.el7 | freeradius-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-devel | < 3.0.13-15.el7 | freeradius-devel-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-doc | < 3.0.13-15.el7 | freeradius-doc-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-krb5 | < 3.0.13-15.el7 | freeradius-krb5-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-ldap | < 3.0.13-15.el7 | freeradius-ldap-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-mysql | < 3.0.13-15.el7 | freeradius-mysql-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-perl | < 3.0.13-15.el7 | freeradius-perl-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-postgresql | < 3.0.13-15.el7 | freeradius-postgresql-3.0.13-15.el7.aarch64.rpm |
| oracle linux | 7 | aarch64 | freeradius-python | < 3.0.13-15.el7 | freeradius-python-3.0.13-15.el7.aarch64.rpm |
Related
centos
centos
freeradius security update
2020-10-20 18:02:54
mageia
mageia
Updated freeradius packages fix security vulnerabilities
2020-01-05 18:37:51
nessus
nessus
Scientific Linux Security Update : freeradius on SL7.x x86_64 (20201001)
2020-10-21 00:00:00
RHEL 7 : freeradius (RHSA-2020:3984)
2020-09-29 00:00:00
CentOS 7 : freeradius (CESA-2020:3984)
2020-10-20 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0007)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:2391-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2020:0553-1)
2020-04-27 00:00:00
amazon
amazon
Medium: freeradius
2020-10-22 17:34:00
redhat
redhat
(RHSA-2020:3984) Moderate: freeradius security and bug fix update
2020-09-29 07:48:48
(RHSA-2020:1672) Moderate: freeradius:3.0 security update
2020-04-28 09:03:31
(RHSA-2019:3353) Moderate: freeradius:3.0 security and bug fix update
2019-11-05 17:34:35
suse
suse
Security update for freeradius-server (moderate)
2020-04-26 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: freeradius-3.0.20-1.fc31
2019-12-01 00:46:59
[SECURITY] Fedora 29 Update: freeradius-3.0.19-3.fc29
2019-08-13 01:59:31
[SECURITY] Fedora 30 Update: freeradius-3.0.19-3.fc30
2019-06-19 22:46:10
prion
prion
Design/Logic Flaw
2019-05-24 17:29:00
Design/Logic Flaw
2020-03-21 01:15:00
Default credentials
2019-12-03 20:15:00
osv
osv
CVE-2019-10143
2019-05-24 17:29:00
CVE-2019-17185
2020-03-21 01:15:12
Moderate: freeradius:3.0 security and bug fix update
2020-11-03 12:37:04
ubuntucve
ubuntucve
redhatcve
redhatcve
oraclelinux
oraclelinux
freeradius:3.0 security update
2020-05-05 00:00:00
freeradius:3.0 security and bug fix update
2020-11-10 00:00:00
freeradius:3.0 security and bug fix update
2019-11-14 00:00:00
rocky
rocky
freeradius:3.0 security and bug fix update
2020-11-03 12:37:04
almalinux
almalinux
Moderate: freeradius:3.0 security and bug fix update
2020-11-03 12:37:04
debiancve
debiancve
veracode
veracode
Privilege Escalation
2020-05-10 23:27:53
Information Leakage
2020-10-01 03:53:18
Buffer Over-read
2020-10-01 03:53:18
cve
cve
alpinelinux
alpinelinux
CVE-2019-10143
2019-05-24 17:29:00
packetstorm
packetstorm
FreeRadius 3.0.19 Logrotate Privilege Escalation
2019-11-15 00:00:00
zdt
zdt
FreeRadius 3.0.19 Logrotate Privilege Escalation Vulnerability
2019-11-16 00:00:00
thn
thn
Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords
2019-08-03 09:23:00
ubuntu
ubuntu
FreeRADIUS vulnerabilities
2023-01-04 00:00:00
hackerone
hackerone
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
Related for ELSA-2020-3984