5 matches found
CentOS 7 : freeradius (RHSA-2020:3984)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3984 advisory. - It was discovered freeradius up to and including version 3.0.19 does not correctly configure logrotate, allowing a local attacker who already has...
Buffer Over-read
freeradius is vulnerable to a heap-based buffer over-read. It is possible due to a flaw in multithreaded BN_CTX access...
openSUSE Security Update : freeradius-server (openSUSE-2020-553)
This update for freeradius-server fixes the following issues: - CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd bsc1144524. - CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access bsc1166847. - Fixed an issue in TLS-EAP where the OCSP verification, when an...
SUSE SLED15 / SLES15 Security Update : freeradius-server (SUSE-SU-2020:1023-1)
This update for freeradius-server fixes the following issues: CVE-2019-13456: Fixed a side-channel password leak in EAP-pwd bsc1144524. CVE-2019-17185: Fixed a denial of service due to multithreaded BN_CTX access bsc1166847. Fixed an issue in TLS-EAP where the OCSP verification, when an...
Updated freeradius packages fix security vulnerabilities
Updated freeradius packages fix security vulnerabilities: It was discovered freeradius does not correctly configure logrotate, allowing a local attacker who already has control of the radiusd user to escalate his privileges to root, by tricking logrotate into writing a radiusd-writable file to a...