Security update for freeradius-server (important)

ID OPENSUSE-SU-2020:0542-1
Type suse
Reporter Suse
Modified 2020-04-23T15:29:21


This update for freeradius-server fixes the following issues:

Security issues fixed:

  • CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD Commit frame and insufficent validation of elliptic curve points (bsc#1132549).
  • CVE-2019-11234: Fixed an authentication bypass caused by reflecting privous values back to the server (bsc#1132664).

This update was imported from the SUSE:SLE-15:Update update project.