Stefan Winter and Luboš Pavlíček discovered that FreeRADIUS incorrectly
handled the TLS session cache. A remote attacker could possibly use this
issue to bypass authentication by resuming an unauthenticated session.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 17.04 | noarch | freeradius | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-common | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-config | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-dbgsym | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-dhcp | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-dhcp-dbgsym | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-iodbc | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-iodbc-dbgsym | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-krb5 | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |
Ubuntu | 17.04 | noarch | freeradius-krb5-dbgsym | < 3.0.12+dfsg-4ubuntu1.1 | UNKNOWN |