Updated freeradius packages fix security vulnerabilities
Publication date: 30 Jul 2017Modification date: 30 Jul 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-10978 , CVE-2017-10979 , CVE-2017-10980 , CVE-2017-10981 , CVE-2017-10982 , CVE-2017-10983 , CVE-2017-10984 , CVE-2017-10985 , CVE-2017-10986 , CVE-2017-10987 , CVE-2017-10988
Description
Fuzz testing of freeradius found multiple vulnerabilites that resulted in either the potential for remote code execution or a possible denial of service (except for CVE-2017-10988 which was later determined to not actually result in any vulnerability).
References
- https://bugs.mageia.org/show_bug.cgi?id=21268
- https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10978
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10979
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10980
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10981
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10982
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10983
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10984
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10985
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10986
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10987
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10988
SRPMS
6/core
- freeradius-3.0.15-1.mga6
5/core
- freeradius-2.2.10-1.mga5