(RHSA-2019:1131) Important: freeradius security update

2019-05-09T18:32:05
ID RHSA-2019:1131
Type redhat
Reporter RedHat
Modified 2019-05-09T18:47:41

Description

FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network.

Security Fix(es):

  • freeradius: eap-pwd: authentication bypass via an invalid curve attack (CVE-2019-11235)

  • freeradius: eap-pwd: fake authentication using reflection (CVE-2019-11234)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.