Security update for freeradius-server (important)

2020-04-23T15:29:21
ID OPENSUSE-SU-2020:0542-1
Type suse
Reporter Suse
Modified 2020-04-23T15:29:21

Description

This update for freeradius-server fixes the following issues:

Security issues fixed:

  • CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
  • CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).

This update was imported from the SUSE:SLE-15:Update update project.