MiracleLinux 7 : freeradius-3.0.13-10.el7 (AXSA:2019-3883:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-3883:01 advisory. Security Fix - FreeRADIUSCVE-2019-9497 Dragonblood CVE-2019-11234 - FreeRADIUSCVE-2019-9498CVE-2019-9499 Dragonblood CVE-2019-11235...

SUSE CVE-2019-11235

FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499...

Mageia: Security Advisory (MGASA-2019-0176)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:1039-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:1181-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 8 : freeradius:3.0 (CESA-2019:1142)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1142 advisory. - freeradius: eap-pwd: fake authentication using reflection CVE-2019-11234 - freeradius: eap-pwd: authentication bypass via an invalid curve attack...

Virtuozzo 7 : freeradius / freeradius-devel / freeradius-doc / etc (VZLSA-2019-1131)

An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2020:0542-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

NewStart CGSL CORE 5.05 / MAIN 5.05 : freeradius Multiple Vulnerabilities (NS-SA-2019-0083)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has freeradius packages installed that are affected by multiple vulnerabilities: - FreeRADIUS before 3.0.19 mishandles the each participant verifies that the received scalar is within a range, and that the received group elemen...

NewStart CGSL CORE 5.04 / MAIN 5.04 : freeradius Multiple Vulnerabilities (NS-SA-2019-0079)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has freeradius packages installed that are affected by multiple vulnerabilities: - FreeRADIUS before 3.0.19 mishandles the each participant verifies that the received scalar is within a range, and that the received group elemen...

Oracle Linux 8 : freeradius:3.0 (ELSA-2019-1142)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1142 advisory. 3.0.17-4 - Fixes two EAP-PWD security issues Resolves: bz1699416 authentication bypass with an invalid curve attack Tenable has extracted the preceding...

Important: freeradius

Issue Overview: FreeRADIUS mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and...

MGASA-2019-0176 Updated freeradius packages fix security vulnerability

An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...

Updated freeradius packages fix security vulnerability

An attacker can reflect the received scalar and element from the server in it's own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successfully authenticate as the victim CVE-2019-11234. An invalid curve attack allows an attacker to authenticate a...

CentOS 7 : freeradius (CESA-2019:1131)

An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

freeradius security update

CentOS Errata and Security Advisory CESA-2019:1131 An update for freeradius is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Oracle Linux 7 : freeradius (ELSA-2019-1131)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1131 advisory. 3.0.13-10 - Fixes two EAP-PWD security issues Resolves: bz1699413 authentication bypass with an invalid curve attack Tenable has extracted the precedin...

openSUSE Security Update : freeradius-server (openSUSE-2019-1394)

This update for freeradius-server fixes the following issues : Security issues fixed : - CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points bsc1132549. - CVE-2019-11234: Fixed an authentication bypass caused by...

openSUSE: Security Advisory for freeradius-server (openSUSE-SU-2019:1394-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for freeradius-server (important)

openSUSE Security Update: Security update for freeradius-server Announcement ID: openSUSE-SU-2019:1394-1 Rating: important References: 1132549 1132664 Cross-References: CVE-2019-11234 CVE-2019-11235 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available...