(RHSA-2004:609) freeradius security update

ID RHSA-2004:609
Type redhat
Reporter RedHat
Modified 2017-07-29T20:33:47


FreeRADIUS is a high-performance and highly configurable free RADIUS server designed to allow centralized authentication and authorization for a network.

A number of flaws were found in FreeRADIUS versions prior to 1.0.1. An attacker who is able to send packets to the server could construct carefully constructed packets in such a way as to cause the server to consume memory or crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2004-0938, CAN-2004-0960, and CAN-2004-0961 to these issues.

Users of FreeRADIUS should update to these erratum packages that contain FreeRADIUS 1.0.1, which is not vulnerable to these issues and also corrects a number of bugs.